Packages

Blog
digitpatrox4 weeks ago
62

Infostealer campaign compromises 10 npm packages, targets devs

Ten npm packages were suddenly updated with malicious code yesterday to steal environment variables and other sensitive data from developers’ systems. The campaign targeted multiple cryptocurrency-related packages, and the popular ‘country-currency-map’ package was downloaded thousands of times a week. The malicious code was discovered by Sonatype researcher Ali ElShakankiry and is found in two heavily obfuscated scripts, “/scripts/launch.js” and “/scripts/diagnostic-report.js,” which execute upon…
Read More »
Blog
digitpatroxMarch 11, 2025
61

North Korean Lazarus hackers infect hundreds via npm packages

Six malicious packages have been identified on npm (Node package manager) linked to the notorious North Korean hacking group Lazarus. The packages, which have been downloaded 330 times, are designed to steal account credentials, deploy backdoors on compromised systems, and extract sensitive cryptocurrency information. The Socket Research Team discovered the campaign, which linked it to previously known Lazarus supply chain operations.…
Read More »
Blog
digitpatroxJanuary 4, 2025
193

Malicious npm packages target Ethereum developers’ private keys

Twenty malicious packages impersonating the Hardhat development environment used by Ethereum developers are targeting private keys and other sensitive data. Collectively, the malicious packages have recorded more than one thousand downloads, researchers say. Narrow targeting campaign Hardhat is a widely used Ethereum development environment maintained by the Nomic Foundation. It is used for developing, testing, and deploying smart contracts and decentralized…
Read More »
Blog
digitpatroxDecember 20, 2024
114

Malicious Rspack, Vant packages published using stolen NPM tokens

Three popular npm packages, @rspack/core, @rspack/cli, and Vant, were compromised through stolen npm account tokens, allowing threat actors to publish malicious versions that installed cryptominers. The supply chain attack, spotted by both Sonatype and Socket researchers, deployed the XMRig cryptocurrency miner on compromised systems for mining the hard-to-trace Monero privacy cryptocurrency. Additionally, Sonatype discovered that all three npm packages fell…
Read More »
Blog
digitpatroxNovember 26, 2024
138

How to Make Sure Your Packages Don’t Get Stolen

Contact the Retailer. Retailers have different policies on handling package thefts. Some, such as Target, have fine-print clauses saying the risk of loss passes to the buyer when the purchase is delivered to the shipping company. Still, it doesn’t hurt to ask. According to our survey, this is the most common action that victims take, with 58 percent of Americans…
Read More »

Packages

Infostealer campaign compromises 10 npm packages, targets devs

North Korean Lazarus hackers infect hundreds via npm packages

Malicious npm packages target Ethereum developers’ private keys

Malicious Rspack, Vant packages published using stolen NPM tokens

How to Make Sure Your Packages Don’t Get Stolen

Nebula just launched a new outdoor 3,500-lumen projector — and it’s totally liquid cooled

Lazarus hackers breach six companies in watering hole attacks

Nintendo Switch 2 preorders are open at GameStop (update: sold out)

How to upgrade Windows 10 to 11 24H2

OpenAI and Anthropic Sign Deals With U.S. AI Safety Institute

Working from the office means a pay cut – Computerworld

Ransomware gang Interlock claims attack on kidney dialysis company DaVita – 1.5 TB of data stolen

IBM puts on a brave face as US government cuts hit 15 contracts

European tech firm rallies for digital sovereignty amid rising tech nationalism globally – Computerworld

FBI disrupts the Dispossessor ransomware operation, seizes servers

TikTok Is Pushing Old and False News as ”Breaking” Alerts

Today’s AI models have a poor grasp of world history – Computerworld