logo
welcome
About us
Newsletter
News Widget
Media Inquiries

Summary

Malicious Packages Target NPM Repository

This is a news story, published by Ars Technica, that relates primarily to IP news.

crypto trading & speculation news

For more crypto trading & speculation news, you can click here:

more crypto trading & speculation news

Ars Technica news

For more news from Ars Technica, you can click here:

more news from Ars Technica

About the Otherweb

Otherweb, Inc is a public benefit corporation, dedicated to improving the quality of news people consume. We are non-partisan, junk-free, and ad-free. We use artificial intelligence (AI) to remove junk from your news feed, and allow you to select the best business news, entertainment news, world news, and much more. If you like crypto trading & speculation news, you might also like this article about

malicious packages

. We are dedicated to bringing you the highest-quality news, junk-free and ad-free, about your favorite topics. Please come every day to read the latest supply chain attacks news, malware authors news, crypto trading & speculation news, and other high-quality news about any topic that interests you. We are working hard to create the best news aggregator on the web, and to put you in control of your news feed - whether you choose to read the latest news through our website, our news app, or our daily newsletter - all free!

stage malware payloads
Ars Technica

Ars Technica

Hundreds of code libraries posted to NPM try to install malware on dev machines

Ars Technica
Summary
Nutrition label

65% Informative

Hundreds of malicious packages have been uploaded to the open source node package manager repository.

The malicious packages use a novel way to conceal the IP address the devices contact to receive malicious second -stage malware payloads.

The discovery comes on the heels of a similar campaign targeting developers using forks of the Ethers.js library.

VR Score

48

Informative language

35

Neutral language

66

Article tone

formal

Language

English

Language complexity

58

Offensive language

possibly offensive

Hate speech

not hateful

Attention-grabbing headline

not detected

Known propaganda techniques

detected

Time-value

short-lived

External references

5

https://www.npmjs.com/package/puppeteerhttps://blog.phylum.io/supply-chain-security-typosquat-campaign-targeting-puppeteer-users/https://ethereum.org/en/developers/docs/networks/https://blog.phylum.io/trojanized-ethers-forks-on-npm-attempting-to-steal-ethereum-private-keys/https://www.npmjs.com/package/bignum.js

Source diversity

3

www.npmjs.comblog.phylum.ioethereum.org

Affiliate links

no affiliate links

Read full article