Sources Contact Advanced Search Tutorials

An Interest In:

Web News this Week

Search Archive

Some of Our Sources

View All Sources

Help Webnuz

Referal links:

December 2, 2020 08:10 pm

Malicious npm Packages Caught Installing Remote Access Trojans

The security team behind the "npm" repository for JavaScript libraries removed two npm packages this Monday for containing malicious code that installed a remote access trojan (RAT) on the computers of developers working on JavaScript projects. From a report: The name of the two packages was jdb.js and db-json.js., and both were created by the same author and described themselves as tools to help developers work with JSON files typically generated by database applications. Both packages were uploaded on the npm package registry last week and were downloaded more than 100 times before their malicious behavior was detected by Sonatype, a company that scans package repositories on a regular basis. According to Sonatype's Ax Sharma, the two packages contained a malicious script that executed after web developers imported and installed any of the two malicious libraries. The post-install script performed basic reconnaissance of the infected host and then attempted to download and run a file named patch.exe that later installed njRAT, also known as Bladabindi, a very popular remote access trojan that has been used in espionage and data theft operations since 2015.

Slashdot

Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..

More About this Source Visit Slashdot