Article 5SV3K Malicious NPM packages are part of a malware “barrage” hitting repositories

Malicious NPM packages are part of a malware “barrage” hitting repositories

by
Dan Goodin
from Ars Technica - All content on (#5SV3K)
software-code-800x534.jpg

Enlarge (credit: Getty Images)

Researchers have found another 17 malicious packages in an open source repository, as the use of such repositories to spread malware continues to flourish.

This time, the malicious code was found in NPM, where 11 million developers trade more than 1 million packages among each other. Many of the 17 malicious packages appear to have been spread by different threat actors who used varying techniques and amounts of effort to trick developers into downloading malicious wares instead of the benign ones intended.

This latest discovery continues a trend first spotted a few years ago, in which miscreants sneak information stealers, keyloggers, or other types of malware into packages available in NPM, RubyGems, PyPi, or another repository. In many cases, the malicious package has a name that's a single letter different than a legitimate package. Often, the malicious package includes the same code and functionality as the package being impersonated and adds concealed code that carries out additional nefarious actions.

Read 9 remaining paragraphs | Comments

index?i=NX1mzATpujc:1fpUlVIjFMM:V_sGLiPB index?i=NX1mzATpujc:1fpUlVIjFMM:F7zBnMyn index?d=qj6IDK7rITs index?d=yIl2AUoC8zA
External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments