How Threat Actors Are Using Npm To Launch Attacks New York Tech Media

How Threat Actors Are Using Npm To Launch Attacks - New York Tech Media

How Threat Actors Are Using Npm To Launch Attacks - New York Tech Media Whitesource released a threat report based on malicious activity found in npm, the most popular javascript package manager used by developers worldwide. the report is based on findings from more than 1,300 malicious npm packages identified in 2021. Threat actors registered the typosquatted domain npmjs.help on september 5, just three days before launching their campaign, and used it to impersonate legitimate npm administrative communications.

How Threat Actors Are Using Npm To Launch Attacks - New York Tech Media

How Threat Actors Are Using Npm To Launch Attacks - New York Tech Media A sophisticated supply chain attack has compromised several widely used npm packages, including eslint config prettier and eslint plugin prettier, after threat actors successfully stole maintainer authentication tokens through a targeted phishing campaign. The findings serve to highlight the novel ways threat actors are serving and persisting malware in developer systems, making it essential that packages from open source repositories are carefully scrutinized before downloading and using them. In a supply chain attack, attackers injected malware into npm packages with over 2.6 billion weekly downloads after compromising a maintainer's account in a phishing attack. Threat actors have leveraged a phishing campaign targeting npm package maintainers, resulting in the compromise of widely used javascript tooling libraries.

North Korean Hackers Attacking Windows Users With Weaponized Npm Files

North Korean Hackers Attacking Windows Users With Weaponized Npm Files In a supply chain attack, attackers injected malware into npm packages with over 2.6 billion weekly downloads after compromising a maintainer's account in a phishing attack. Threat actors have leveraged a phishing campaign targeting npm package maintainers, resulting in the compromise of widely used javascript tooling libraries. While there was a drop in instances of malware discovered on open source repositories like npm and pypi in 2024, threat actors have not lost interest in promoting malicious packages to open source developers. These packages aim to extract sensitive data, such as private keys and configuration details, posing significant risks to development environments. this article delves into the methods used by attackers, the implications for developers, and strategies for mitigating these threats. These attackers have been observed publishing a series of malicious packages to the npm registry, marking a coordinated and relentless effort to target software developers and exfiltrate. Recent analysis conducted during the second quarter of 2025 reveals that threat actors are persistently exploiting vulnerabilities in popular package repositories to distribute malware, exfiltrate sensitive data, and establish persistent footholds in victim environments.

Vulnerabilities In NPM Allowed Threat Actors To Publish New Version Of Any Package | The Daily Swig

Vulnerabilities In NPM Allowed Threat Actors To Publish New Version Of Any Package | The Daily Swig While there was a drop in instances of malware discovered on open source repositories like npm and pypi in 2024, threat actors have not lost interest in promoting malicious packages to open source developers. These packages aim to extract sensitive data, such as private keys and configuration details, posing significant risks to development environments. this article delves into the methods used by attackers, the implications for developers, and strategies for mitigating these threats. These attackers have been observed publishing a series of malicious packages to the npm registry, marking a coordinated and relentless effort to target software developers and exfiltrate. Recent analysis conducted during the second quarter of 2025 reveals that threat actors are persistently exploiting vulnerabilities in popular package repositories to distribute malware, exfiltrate sensitive data, and establish persistent footholds in victim environments.

Finding a Remote Access Trojan on NPM