Tag: npm malware
2 articles
North Korea Targets Developers with AI-Generated npm Malware
Security researchers have uncovered a sneaky malware campaign targeting developers, involving a malicious npm package called @validate-sdk/v2 that's designed to steal sensitive secrets, including crypto-wallet credentials. This tainted package, linked to a North Korean threat actor, was cleverly disguised as a utility SDK for legitimate tasks like hashing and validation.
Malware Worm Exploits npm Packages to Hijack Developer Tokens
Meet CanisterSprawl, a sneaky self-propagating worm that's compromising npm packages and using stolen developer tokens to spread its reach. This malware goes beyond just stealing credentials, turning one infected environment into a web of additional package compromises.