Malicious npm Package Modifies Local 'ethers' Library to Launch Reverse Shell Attacks
Briefly

Recent findings by cybersecurity researchers highlight two malicious packages on the npm registry, ethers-provider2 and ethers-providerz, which aim to infect the widely used ethers package. The malware is designed so that its malicious functionality persists even after the rogue packages have been removed. Specifically, ethers-provider2 is a trojanized version of the ssh2 package, capable of executing a second-stage payload that re-establishes malicious control if the original ethers package is present on the system. This marks a significant escalation in software supply chain threats.
The malicious packages were designed to infect the popular npm package ethers, showcasing a sophisticated evolution of software supply chain attacks in the open-source ecosystem.
ReversingLabs' analysis shows that ethers-provider2 is a trojanized ssh2 package that retrieves and executes second-stage malware, evading detection by deleting itself immediately.
Read at The Hacker News