Rspack npm Packages Compromised with Crypto Mining Malware in Supply Chain Attack – Go Health Pro

Dec 20, 2024Ravie LakshmananMalware / Supply Chain Attack The developers of Rspack have revealed that two of their npm packages, @rspack/core and @rspack/cli, were compromised in a software supply chain attack that allowed a malicious actor to publish malicious versions to the official package registry with cryptocurrency mining malware. Following the discovery, versions 1.1.7 of … Read more

Thousands Download Malicious npm Libraries Impersonating Legitimate Tools – Go Health Pro

Dec 19, 2024Ravie LakshmananSupply Chain / Software Security Threat actors have been observed uploading malicious typosquats of legitimate npm packages such as typescript-eslint and @types/node that have racked up thousands of downloads on the package registry. The counterfeit versions, named @typescript_eslinter/eslint and types-node, are engineered to download a trojan and retrieve second-stage payloads, respectively. “While … Read more

North Korean Hackers Target Developers with Malicious npm Packages – Go Health Pro

Aug 30, 2024Ravie LakshmananCryptocurrency / Malware Risk actors with ties to North Korea have been noticed publishing a set of malicious packages to the npm registry, indicating “coordinated and relentless” efforts to focus on builders with malware and steal cryptocurrency belongings. The most recent wave, which was noticed between August 12 and 27, 2024, concerned … Read more
