NPM users warned dozens of malicious packages aim to steal host and network data




  • Socket found 60 malicious NPM packages
  • The malware spoofed legitimate packages
  • It was capable of exfiltrating sensitive data

Cybersecurity researchers Socket have warned of multiple malicious packages hosted on NPM, stealing sensitive user data and relaying it to the attackers.

In a blog post, Socket said it identified 60 packages on NPM, which were uploaded from May 12 onward, using three separate accounts. The packages contained a post-install script that runs during ‘npm install’ and exfiltrates hostnames, internal IP addresses, user home directories, current working directories, usernames, and system DNS servers.

https://cdn.mos.cms.futurecdn.net/Ff7Dszi85SiGJuRKiyKZwg.jpg



Source link

Latest articles

spot_imgspot_img

Related articles

Leave a reply

Please enter your comment!
Please enter your name here

spot_imgspot_img