Ethereum Smart Contracts

Malware Campaign Uses Ethereum Smart Contracts to Control npm Typosquat Packages

Malware Campaign Uses Ethereum Smart Contracts to Control npm Typosquat Packages Nov 05, 2024Ravie LakshmananMalware / Blockchain An ongoing campaign is targeting npm developers with hundreds of typosquat versions of their legitimate counterparts in an attempt to trick them into running cross-platform malware. The attack is notable for utilizing Ethereum Read more…

BeaverTail Malware

BeaverTail Malware Resurfaces in Malicious npm Packages Targeting Developers

BeaverTail Malware Resurfaces in Malicious npm Packages Targeting Developers Oct 28, 2024Ravie LakshmananMalware / Threat Intelligence Three malicious packages published to the npm registry in September 2024 have been found to contain a known malware called BeaverTail, a JavaScript downloader and information stealer linked to an ongoing North Korean campaign Read more…

Bogus npm Packages Used to Trick Software Developers into Installing Malware

Bogus npm Packages Used to Trick Software Developers into Installing Malware

Bogus npm Packages Used to Trick Software Developers into Installing Malware An ongoing social engineering campaign is targeting software developers with bogus npm packages under the guise of a job interview to trick them into downloading a Python backdoor. Cybersecurity firm Securonix is tracking the activity under the name DEV#POPPER, linking it to North Korean Read more…

North Korean Hackers Targeting Developers with Malicious npm Packages

North Korean Hackers Targeting Developers with Malicious npm Packages

North Korean Hackers Targeting Developers with Malicious npm Packages A set of fake npm packages discovered on the Node.js repository has been found to share ties with North Korean state-sponsored actors, new findings from Phylum show. The packages are named execution-time-async, data-time-utils, login-time-utils, mongodb-connection-utils, and mongodb-execution-utils. One of the packages Read more…