Packages

Blog
digitpatrox1 week ago
36

Infostealer campaign compromises 10 npm packages, targets devs

Ten npm packages were suddenly updated with malicious code yesterday to steal environment variables and other sensitive data from developers’ systems. The campaign targeted multiple cryptocurrency-related packages, and the popular ‘country-currency-map’ package was downloaded thousands of times a week. The malicious code was discovered by Sonatype researcher Ali ElShakankiry and is found in two heavily obfuscated scripts, “/scripts/launch.js” and “/scripts/diagnostic-report.js,” which execute upon…
Read More »
Blog
digitpatrox3 weeks ago
40

North Korean Lazarus hackers infect hundreds via npm packages

Six malicious packages have been identified on npm (Node package manager) linked to the notorious North Korean hacking group Lazarus. The packages, which have been downloaded 330 times, are designed to steal account credentials, deploy backdoors on compromised systems, and extract sensitive cryptocurrency information. The Socket Research Team discovered the campaign, which linked it to previously known Lazarus supply chain operations.…
Read More »
Blog
digitpatroxJanuary 4, 2025
173

Malicious npm packages target Ethereum developers’ private keys

Twenty malicious packages impersonating the Hardhat development environment used by Ethereum developers are targeting private keys and other sensitive data. Collectively, the malicious packages have recorded more than one thousand downloads, researchers say. Narrow targeting campaign Hardhat is a widely used Ethereum development environment maintained by the Nomic Foundation. It is used for developing, testing, and deploying smart contracts and decentralized…
Read More »
Blog
digitpatroxDecember 20, 2024
99

Malicious Rspack, Vant packages published using stolen NPM tokens

Three popular npm packages, @rspack/core, @rspack/cli, and Vant, were compromised through stolen npm account tokens, allowing threat actors to publish malicious versions that installed cryptominers. The supply chain attack, spotted by both Sonatype and Socket researchers, deployed the XMRig cryptocurrency miner on compromised systems for mining the hard-to-trace Monero privacy cryptocurrency. Additionally, Sonatype discovered that all three npm packages fell…
Read More »
Blog
digitpatroxNovember 26, 2024
120

How to Make Sure Your Packages Don’t Get Stolen

Contact the Retailer. Retailers have different policies on handling package thefts. Some, such as Target, have fine-print clauses saying the risk of loss passes to the buyer when the purchase is delivered to the shipping company. Still, it doesn’t hurt to ask. According to our survey, this is the most common action that victims take, with 58 percent of Americans…
Read More »

Packages

Infostealer campaign compromises 10 npm packages, targets devs

North Korean Lazarus hackers infect hundreds via npm packages

Malicious npm packages target Ethereum developers’ private keys

Malicious Rspack, Vant packages published using stolen NPM tokens

How to Make Sure Your Packages Don’t Get Stolen

Microsoft starts testing Windows 11 taskbar icon scaling

Google’s regular Pixel 10 will reportedly get worse (but more) cameras

Netflix’s Devil May Cry Ending Explained

30 of the Best Easy Last-Minute Halloween Costume Ideas for 2024

Today’s NYT Connections Hints and Answer for February 3rd (#603)

Five Portable Batteries to Buy If Your Anker Was Recalled

How to Power Almost Any Smart Home Device With Power-Over-Ethernet

Amazon’s Project Kuiper Internet Satellite Initiative Launches This Month

‘The White Lotus’ season 3 finale is a whopping 90 minutes — and it can save what’s been a very uneven stay

Recent Dr.Web cyberattack claimed by pro-Ukrainian hacktivists

FBI disrupts the Dispossessor ransomware operation, seizes servers

Today’s AI models have a poor grasp of world history – Computerworld