An ongoing attack is uploading hundreds of malicious packages to the open source node package manager (NPM) repository in an attempt to infect the devices of developers who rely on code libraries there, researchers said.
The malicious packages have names that are similar to legitimate ones for the Puppeteer and Bignum.js code libraries and for various libraries for working with cryptocurrency. The campaign, which was active at the time this post was going live on Ars, was reported by researchers from the security firm Phylum. The discovery comes on the heels of a similar campaign a few weeks ago targeting developers using forks of the Ethers.js library.
[...]
Hundreds of code libraries posted to NPM try to install malware on dev machines
Hundreds of code libraries posted to NPM try to install malware on dev machines
-
rbc
- President
- Posts: 291
- Joined: Mon Oct 30, 2023 1:32 am
- Location: Vicksburg, MS
- ISC2 Member Status: Yes
- Contact:
Hundreds of code libraries posted to NPM try to install malware on dev machines
Robert B. Carleton + ISC2 Central Mississippi President