Packages

  • Blog
    digitpatrox2 weeks ago
    55

    Developers beware: Malware has been found in a dozen popular NPM packages – here’s what you need to know

    More than a dozen NPM packages, with a combined million weekly downloads, have been compromised to deliver malware. Node Package Manager (NPM) is the widely-used default package manager for the JavaScript runtime environment, Node.js, and is used to install libraries, share packages, manage dependencies, run scripts, and more. A newly-discovered Remote Access Trojan (RAT) enables an attacker to execute shell…

    Read More »
  • Blog
    digitpatrox3 weeks ago
    41

    Malicious npm packages posing as utilities delete project directories

    Two malicious packages have been discovered in the npm JavaScript package index, which masquerades as useful utilities but, in reality, are destructive data wipers that delete entire application directories. The data wiper packages are ‘express-api-sync’ and ‘system-health-sync-api,’ and pose as database syncing and system health monitoring Ttools. According to open-source software security firm Socket, they both contain backdoors that enable…

    Read More »
  • Blog
    digitpatrox3 weeks ago
    46

    Supply chain attack hits Gluestack NPM packages with 960K weekly downloads

    A significant supply chain attack hit NPM after 16 popular Gluestack ‘react-native-aria’ packages with over 950,000 weekly downloads were compromised to include malicious code that acts as a remote access trojan (RAT). BleepingComputer determined that the compromise began on June 6 at 4:33 PM EST, when a new version of the react-native-aria/focus package was published to NPM. Since then, 16 of the 20…

    Read More »
  • Blog
    digitpatroxMay 23, 2025
    72

    Dozens of malicious packages on NPM collect host and network data

    60 packages have been discovered in the NPM index that attempt to collect sensitive host and network data and send it to a Discord webhook controlled by the threat actor. According to Socket’s Threat Research team, the packages were uploaded to the NPM repository starting May 12 from three publisher accounts. Each of the malicious packages contains a post-install script that…

    Read More »
  • Blog
    digitpatroxMay 1, 2025
    89

    Malicious PyPI packages abuse Gmail, websockets to hijack systems

    Seven malicious PyPi packages were found using Gmail’s SMTP servers and WebSockets for data exfiltration and remote command execution. The packages were discovered by Socket’s threat research team, who reported their findings to the PyPI, resulting in the removal of the packages. However, some of these packages were on PyPI for over four years, and based on third-party download counters,…

    Read More »
  • Blog
    digitpatroxMarch 28, 2025
    119

    Infostealer campaign compromises 10 npm packages, targets devs

    Ten npm packages were suddenly updated with malicious code yesterday to steal environment variables and other sensitive data from developers’ systems. The campaign targeted multiple cryptocurrency-related packages, and the popular ‘country-currency-map’ package was downloaded thousands of times a week. The malicious code was discovered by Sonatype researcher Ali ElShakankiry and is found in two heavily obfuscated scripts, “/scripts/launch.js” and “/scripts/diagnostic-report.js,” which execute upon…

    Read More »
  • Blog
    digitpatroxMarch 11, 2025
    112

    North Korean Lazarus hackers infect hundreds via npm packages

    Six malicious packages have been identified on npm (Node package manager) linked to the notorious North Korean hacking group Lazarus. The packages, which have been downloaded 330 times, are designed to steal account credentials, deploy backdoors on compromised systems, and extract sensitive cryptocurrency information. The Socket Research Team discovered the campaign, which linked it to previously known Lazarus supply chain operations.…

    Read More »
  • Blog
    digitpatroxJanuary 4, 2025
    237

    Malicious npm packages target Ethereum developers’ private keys

    Twenty malicious packages impersonating the Hardhat development environment used by Ethereum developers are targeting private keys and other sensitive data. Collectively, the malicious packages have recorded more than one thousand downloads, researchers say. Narrow targeting campaign Hardhat is a widely used Ethereum development environment maintained by the Nomic Foundation. It is used for developing, testing, and deploying smart contracts and decentralized…

    Read More »
  • Blog
    digitpatroxDecember 20, 2024
    174

    Malicious Rspack, Vant packages published using stolen NPM tokens

    Three popular npm packages, @rspack/core, @rspack/cli, and Vant, were compromised through stolen npm account tokens, allowing threat actors to publish malicious versions that installed cryptominers. The supply chain attack, spotted by both Sonatype and Socket researchers, deployed the XMRig cryptocurrency miner on compromised systems for mining the hard-to-trace Monero privacy cryptocurrency. Additionally, Sonatype discovered that all three npm packages fell…

    Read More »
  • Blog
    digitpatroxNovember 26, 2024
    184

    How to Make Sure Your Packages Don’t Get Stolen

    Contact the Retailer. Retailers have different policies on handling package thefts. Some, such as Target, have fine-print clauses saying the risk of loss passes to the buyer when the purchase is delivered to the shipping company. Still, it doesn’t hurt to ask. According to our survey, this is the most common action that victims take, with 58 percent of Americans…

    Read More »
Back to top button
close