Recently, 60 malicious packages were identified on the NPM repository, designed to collect sensitive information like hostnames and internal IPs. Discovered by Socket's Threat Research team, the packages were uploaded from three publisher accounts starting May 12. The malicious scripts are triggered during installation, and while they have not yet deployed second-stage payloads or escalated privileges, they present a significant threat due to the data collected. Although reported, many of these packages remained available at the time of writing, emphasizing the ongoing risks to developers and their environments.
Socket's Threat Research team discovered 60 malicious NPM packages that collect sensitive host and network data, highlighting significant risks of targeted attacks.
These malicious packages were uploaded starting May 12 and were designed to execute a post-install script that retrieves sensitive information without user consent.