Here's how carefully concealed backdoor in fake AWS files escaped mainstream notice
Briefly

We have reported these packages for removal, however the malicious packages remained available on npm for nearly two days... leaving developers vulnerable to attack for longer periods of time.
The care the package developers put into the code and the effectiveness of their tactics underscore the growing sophistication of attacks targeting open source repositories.
Read at Ars Technica