Cybersecurity researchers have discovered a malicious npm package, ethereumvulncontracthandler, which deploys the Quasar RAT on systems, highlighting continued risks for developers.
The malicious code embedded into ethereumvulncontracthandler is obscured with multiple levels of obfuscation, using techniques like Base64 and XOR encoding to resist detection.
Upon installation, it retrieves a malicious script from a remote server that executes silently to load Quasar RAT on Windows systems, compromising developer security.
Quasar RAT, first released on GitHub in 2014, has been utilized for various cybercrime and espionage campaigns, showcasing the need for vigilance among developers.
Collection
[
|
...
]