The NPM package manager, used to spread malware among NodeJS application developers
NPM (short for ‘Node Package Manager’) is the package repository and package manager for NodeJS, a popular JavaScript runtime environment. Developers have been using it for years to share tools, manage dependencies and, in general, publish open source JavaScript projects.
Now the integrity of NPM has been compromised by malware infiltrating the repository: several software packages have been found to be infected with the CursedGrabber malware. Specifically, the affected packages are an0n-chat-lib, discord-fix and sonatype, all of them published by the user “scp173-deleted”.
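A defender can check whether a project ever resolved one of the three packages named above by scanning its lockfile. The script below is an added example, not code from the article or from Sonatype; the sample lockfiles and their version numbers are constructed, and it handles both the nested v1 layout and the path-keyed v2/v3 layout, including aliased installs.

```javascript
// Added example: find the packages named in the article in a parsed package-lock.json.
const FLAGGED = new Set(['an0n-chat-lib', 'discord-fix', 'sonatype']);

// v2/v3 lockfiles key entries by install path ("node_modules/a/node_modules/b").
// An aliased install records its real registry name in `name`.
function scanPackages(packages, hits) {
  const marker = 'node_modules/';
  for (const [path, meta] of Object.entries(packages)) {
    if (path === '') continue; // the root project itself
    const i = path.lastIndexOf(marker);
    const name = meta.name || (i === -1 ? path : path.slice(i + marker.length));
    if (FLAGGED.has(name)) hits.push({ name, version: meta.version || null, where: path });
  }
}

// v1 lockfiles nest `dependencies`; an alias appears as "npm:<real>@<version>".
function scanDependencies(deps, trail, hits) {
  for (const [key, meta] of Object.entries(deps || {})) {
    const alias = /^npm:((?:@[^/]+\/)?[^@]+)@(.+)$/.exec(meta.version || '');
    const name = alias ? alias[1] : key;
    const version = alias ? alias[2] : meta.version || null;
    const where = [...trail, key].join(' > ');
    if (FLAGGED.has(name)) hits.push({ name, version, where });
    scanDependencies(meta.dependencies, [...trail, key], hits);
  }
}

function scanLockfile(lock) {
  const hits = [];
  if (lock.packages) scanPackages(lock.packages, hits);
  else scanDependencies(lock.dependencies, [], hits);
  return hits;
}

// Constructed sample lockfiles; versions and layout are made up for the demo.
const sampleV3 = { packages: {
  '': { name: 'demo-app', version: '1.0.0' },
  'node_modules/express': { version: '4.18.2' },
  'node_modules/chat-ui/node_modules/an0n-chat-lib': { version: '0.0.1' },
  'node_modules/fixes': { name: 'discord-fix', version: '0.0.2' },
} };
const sampleV1 = { dependencies: {
  helper: { version: '1.2.0', dependencies: { sonatype: { version: '0.0.3' } } },
  safe: { version: 'npm:discord-fix@0.0.2' },
} };

console.log(scanLockfile(sampleV3), scanLockfile(sampleV1));
```

To check a real project, pass `scanLockfile` the result of `JSON.parse` on the project's package-lock.json. A hit reports where in the dependency tree the package sits, which shows whether it was installed directly or pulled in by another dependency.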
A new (and dangerous) way of spreading malware
Such a vulnerability is potentially serious because it does not just affect the developer teams that install those packages: the malware would also corrupt the web applications they create and, through them, reach the computers of their users.
For that reason, infecting this kind of repository is a tactic that cyber attackers increasingly use to ensure the spread of their malware.
Last month, for example, the RubyGems repository (which plays a role similar to NPM's, but among Ruby developers) detected that two of its packages had been corrupted with code that stole cryptocurrencies by replacing the destination address of a transaction with the attacker's at the moment of copy and paste.
As Ax Sharma, cybersecurity researcher at Sonatype, explained to Threatpost,
“We have witnessed numerous open source malware attacking sites like GitHub, NPM, and RubyGems: Attackers take advantage of trust within the open source community to spread virtually any type of malware, from CursedGrabber to sophisticated spy Trojans like njRAT.”
What is CursedGrabber?
Specifically, CursedGrabber is designed to steal tokens and personal information from users of Discord, the platform for creating web communities that lets its users communicate through text, calls, video calls, etc.
Discord tokens are used by bots to communicate with the API, so the theft of a token allows an attacker to hack into the affected community. In this case, the theft is carried out by manipulating the hosts files in Windows.