19 Npm Packages Compromised In Major Supply Chain Attack Ox Security Ten typosquatted npm packages (jul 4, 2025) delivered a 24mb pyinstaller info stealer using 4 obfuscation layers; ~9,900 downloads. Security researchers have uncovered a coordinated, multi stage campaign that used typosquatted npm packages to deliver a powerful information stealer affecting windows, macos, and linux systems. the operation relied on popular developer workflows (installing npm modules) to trick victims into executing a hidden payload that harvests credentials from browsers, system keyrings, ssh configs, and.
Stealthy Npm Malware Exposes Developer Data Infosecurity Magazine Recently, security researchers socket found 10 packages on npm targeting software developers, specifically those who use the npm (node package manager) ecosystem to install javascript and node.js. Ten rogue npm packages are posing as popular libraries to secretly steal developer credentials. Ten malicious npm packages auto run on install, stealing credentials via obfuscation and typosquatting across all major os platforms. Socket's threat research team discovered 10 malicious npm packages that deploy a multi stage credential theft operation. the malware uses four layers of obfuscation to hide its payload, displays a fake captcha to appear legitimate, fingerprints victims by ip address, and downloads a 24mb pyinstaller packaged information stealer that harvests credentials from system keyrings, browsers, and.
Hundreds Of Npm Packages Hit In Ongoing Attack Cybernews Ten malicious npm packages auto run on install, stealing credentials via obfuscation and typosquatting across all major os platforms. Socket's threat research team discovered 10 malicious npm packages that deploy a multi stage credential theft operation. the malware uses four layers of obfuscation to hide its payload, displays a fake captcha to appear legitimate, fingerprints victims by ip address, and downloads a 24mb pyinstaller packaged information stealer that harvests credentials from system keyrings, browsers, and. The goal was to make developers accidentally install them, allowing attackers to secretly execute malicious code during the installation process on windows, macos, and linux systems. when these fake packages were installed, they automatically ran hidden code without any user action. Cybersecurity researchers have discovered a set of 10 malicious npm packages that are designed to deliver an information stealer targeting windows, linux, and macos systems. “the malware uses four layers of obfuscation to hide its payload, displays a fake captcha to appear legitimate, fingerprints victims by ip address, and downloads a 24mb pyinstaller packaged information stealer that harvests. Attackers published 10 packages that mimic well known npm projects. when a developer installs any of these packages, a malicious postinstall hook runs automatically and launches a chain of scripts that ultimately fetch and execute a 24 mb pyinstaller packed information stealer. the operation is multi‑stage and heavily obfuscated to avoid analysis. Oct 29, 2025 ravie lakshmananmalware menace intelligence cybersecurity researchers have found a set of 10 malicious npm packages which might be designed to ship an data stealer focusing on home windows, linux, and macos programs. “the malware makes use of 4 layers of obfuscation to cover its payload, shows a pretend captcha to look respectable, fingerprints victims by ip deal with, and.
Malicious Npm Packages Target Ethereum Developers Private Keys The goal was to make developers accidentally install them, allowing attackers to secretly execute malicious code during the installation process on windows, macos, and linux systems. when these fake packages were installed, they automatically ran hidden code without any user action. Cybersecurity researchers have discovered a set of 10 malicious npm packages that are designed to deliver an information stealer targeting windows, linux, and macos systems. “the malware uses four layers of obfuscation to hide its payload, displays a fake captcha to appear legitimate, fingerprints victims by ip address, and downloads a 24mb pyinstaller packaged information stealer that harvests. Attackers published 10 packages that mimic well known npm projects. when a developer installs any of these packages, a malicious postinstall hook runs automatically and launches a chain of scripts that ultimately fetch and execute a 24 mb pyinstaller packed information stealer. the operation is multi‑stage and heavily obfuscated to avoid analysis. Oct 29, 2025 ravie lakshmananmalware menace intelligence cybersecurity researchers have found a set of 10 malicious npm packages which might be designed to ship an data stealer focusing on home windows, linux, and macos programs. “the malware makes use of 4 layers of obfuscation to cover its payload, shows a pretend captcha to look respectable, fingerprints victims by ip deal with, and.
Comments are closed.