
"Early analysis indicates that node-ipc@9.1.6, node-ipc@9.2.3, and node-ipc@12.0.1 contain obfuscated stealer/backdoor behavior."
"The malware appears to fingerprint the host environment, enumerate and read local files, compress and chunk collected data, wrap the payload in a cryptographic envelope, and attempt exfiltration through a network endpoint selected via DNS/address logic."
"The latest incident appears to involve a suspicious republishing or reintroduction of malicious code into versions of a known package, rather than a typosquatting attempt."
Newly published versions of node-ipc have been identified as containing malicious stealer/backdoor behavior. Confirmed versions include 9.1.6, 9.2.3, and 12.0.1. The payload is heavily obfuscated and is triggered when the package is required at runtime. It fingerprints the host environment, enumerates and reads local files, compresses and chunks collected data, wraps the payload in a cryptographic envelope, and attempts exfiltration through a network endpoint selected via DNS or address logic. It also targets a broad set of developer and cloud secrets for transmission to an external command-and-control server. The package has previously included destructive and protest-related malicious functionality in earlier versions.
Read at The Hacker News