npm – OWASP Jakarta

Russian-Speaking Attackers Target Ethereum Devs with Fake Hardhat npm Packages

Russian-Speaking Attackers Target Ethereum Devs with Fake Hardhat npm Packages Cybersecurity researchers have revealed several malicious packages on the npm registry that have been found impersonating the Nomic Foundation’s Hardhat tool in order to steal sensitive data from developer systems. “By exploiting trust in open source plugins, attackers have infiltrated Read more

By adminowasp, 7 months ago January 6, 2025

News

Malicious Obfuscated NPM Package Disguised as an Ethereum Tool Deploys Quasar RAT

Malicious Obfuscated NPM Package Disguised as an Ethereum Tool Deploys Quasar RAT Cybersecurity researchers have discovered a malicious package on the npm package registry that masquerades as a library for detecting vulnerabilities in Ethereum smart contracts but, in reality, drops an open-source remote access trojan called Quasar RAT onto developer Read more

By adminowasp, 7 months ago January 2, 2025

News

Rspack npm Packages Compromised with Crypto Mining Malware in Supply Chain Attack

Rspack npm Packages Compromised with Crypto Mining Malware in Supply Chain Attack The developers of Rspack have revealed that two of their npm packages, @rspack/core and @rspack/cli, were compromised in a software supply chain attack that allowed a malicious actor to publish malicious versions to the official package registry with Read more

By adminowasp, 7 months ago December 20, 2024

News

Thousands Download Malicious npm Libraries Impersonating Legitimate Tools

Thousands Download Malicious npm Libraries Impersonating Legitimate Tools Threat actors have been observed uploading malicious typosquats of legitimate npm packages such as typescript-eslint and @types/node that have racked up thousands of downloads on the package registry. The counterfeit versions, named @typescript_eslinter/eslint and types-node, are engineered to download a trojan and Read more

By adminowasp, 7 months ago December 19, 2024

News

Researchers Uncover Backdoor in Solana's Popular Web3.js npm Library

Researchers Uncover Backdoor in Solana's Popular Web3.js npm Library Cybersecurity researchers are alerting to a software supply chain attack targeting the popular @solana/web3.js npm library that involved pushing two malicious versions capable of harvesting users’ private keys with an aim to drain their cryptocurrency wallets. The attack has been detected Read more

By adminowasp, 8 months ago December 4, 2024

News

XMLRPC npm Library Turns Malicious, Steals Data, Deploys Crypto Miner

XMLRPC npm Library Turns Malicious, Steals Data, Deploys Crypto Miner Cybersecurity researchers have discovered a software supply chain attack that has remained active for over a year on the npm package registry by starting off as an innocuous library and later adding malicious code to steal sensitive data and mine Read more

By adminowasp, 8 months ago November 28, 2024

News

Malicious NPM Packages Target Roblox Users with Data-Stealing Malware

Malicious NPM Packages Target Roblox Users with Data-Stealing Malware Nov 08, 2024Ravie LakshmananOpen Source / Malware A new campaign has targeted the npm package repository with malicious JavaScript libraries that are designed to infect Roblox users with open-source stealer malware such as Skuld and Blank-Grabber. “This incident highlights the alarming Read more

By adminowasp, 9 months ago November 8, 2024

News

Malware Campaign Uses Ethereum Smart Contracts to Control npm Typosquat Packages

Malware Campaign Uses Ethereum Smart Contracts to Control npm Typosquat Packages Nov 05, 2024Ravie LakshmananMalware / Blockchain An ongoing campaign is targeting npm developers with hundreds of typosquat versions of their legitimate counterparts in an attempt to trick them into running cross-platform malware. The attack is notable for utilizing Ethereum Read more

By adminowasp, 9 months ago November 5, 2024

News

LottieFiles Issues Warning About Compromised “lottie-player” npm Package

LottieFiles Issues Warning About Compromised “lottie-player” npm Package Oct 31, 2024Ravie LakshmananCryptocurrency / Software Development LottieFiles has revealed that its npm package “lottie-player” was compromised as part of a supply chain attack, prompting it to release an updated version of the library. “On October 30th ~6:20 PM UTC – LottieFiles Read more

By adminowasp, 9 months ago October 31, 2024

News

BeaverTail Malware Resurfaces in Malicious npm Packages Targeting Developers

BeaverTail Malware Resurfaces in Malicious npm Packages Targeting Developers Oct 28, 2024Ravie LakshmananMalware / Threat Intelligence Three malicious packages published to the npm registry in September 2024 have been found to contain a known malware called BeaverTail, a JavaScript downloader and information stealer linked to an ongoing North Korean campaign Read more

By adminowasp, 9 months ago October 28, 2024