Tag: node package manager
5 articles

Malicious AsyncAPI Packages Target npm Users with Credential-Stealing Malware
On July 14, a supply-chain intrusion briefly introduced trojanized AsyncAPI packages into the npm ecosystem, putting users at risk of credential-stealing malware. Five malicious releases in the @asyncapi namespace were downloaded hundreds of thousands of times during a four-hour window.

Jscrambler npm Package Infected with Infostealer Malware
A malicious version of the Jscrambler npm package was published, infecting nearly 1,500 downloads with infostealer malware within a two-hour window before being removed and replaced with a safe version. The incident was quickly contained, but users who downloaded the compromised package between releases 8.14 and 8.20 may be at risk.

Miasma Supply Chain Attack Targets Red Hat npm Packages
A new supply-chain campaign, codenamed Miasma, has compromised multiple Red Hat npm packages to steal sensitive credentials and deliver a self-propagating worm, putting developer machines at risk. This sneaky attack uses clever tactics like install-time execution and encrypted exfiltration to harvest secrets and spread its reach.

Shai-Hulud Malware Targets 600 Npm Packages in Supply-Chain Attack
In a shocking supply-chain attack, malicious Shai-Hulud malware targeted a staggering 600 npm packages, with researchers uncovering nearly 640 tainted versions across 323 unique libraries in just one hour. The assault hit popular ecosystems like @antv and spread to widely-used packages, leaving a trail of poisoned code in its wake.

Shai-Hulud Malware Fuels npm Infostealer Campaign
Malicious actors have unleashed a new wave of chaos with the Shai-Hulud malware, using typosquatting tactics to spread four malicious npm packages that can steal sensitive info and wreak havoc on systems. The packages, published under the account deadcode09284814, masquerade as legitimate tools, but are actually designed to siphon off credentials, cloud configs, and more.