Socket cybersecurity researchers have identified a malicious npm package, @naderabdi/merchant-advcash, that masquerades as a legitimate payment integration tool for Advcash (now Volet). This package, which is often used in grey-market cryptocurrency exchanges, contains a reverse shell that activates after successful payment transactions, allowing attackers to commandeer servers. Unlike typical malware, this attack is executed post-payment, evading detection by conventional security tools. This highlights an alarming trend in payments where malware is increasingly designed to exploit trust in transactions, necessitating stronger security protocols in payment processing.
Cybersecurity researchers at Socket have uncovered a malicious npm package that hijacks server control during payment transactions, exposing vulnerabilities in payment ecosystems.
Socket's findings reveal a growing trend of malware targeting high-trust workflows in payment ecosystems, emphasizing the need for heightened security measures.
Collection
[
|
...
]