
"The latest example comes from researchers at Datadog Security, who said that last month they found 17 packages (23 releases) in the npm repository that contained downloader malware for Windows systems that executes via a postinstall script. The associated packages masquerade as Telegram bot helper packages, icon libraries, or legitimate-seeming forks of preexisting projects such as Cursor and React. They provide legitimate functionality, but their actual goal is to execute the Vidar infostealer malware on the victim system."
"Both of the accounts offering these packages (aartje and saliii229911) have since been banned. However, they were on the registry for about two weeks, and the malicious packages were downloaded at least 2,240 times. However, the researchers believe many of those downloads were likely by automated scrapers, with some occurring after the packages had been removed and replaced with empty security holding packages."
"Malicious compromise of open source components can lead to all sorts of nasty things. First, threat actors can steal developers' credentials and insert backdoors into their code. Second, the malicious code in the downloaded component itself could spread around the world to the developer's customers."
Datadog Security found 17 npm packages (23 releases) containing downloader malware for Windows that executes via postinstall scripts. The packages masqueraded as Telegram bot helper packages, icon libraries, or forks of projects such as Cursor and React. The payload executed the Vidar infostealer on victim systems, representing the first public disclosure of Vidar delivered through npm packages. The malicious accounts (aartje and saliii229911) were banned after about two weeks on the registry. The packages were downloaded at least 2,240 times, though many downloads were likely automated scrapers. Malicious open source components can steal developer credentials, insert backdoors, and spread malware to customers. Similar malicious uploads continue across npm, PyPI, GitHub, and other repositories.
Read at InfoWorld