A new report has found that some malicious software is being distributed via trusted software repositories, despite efforts to monitor them. Recently, two packages containing the TurkoRat trojan remained undetected in the repositories for more than two months. The packages relied on typosquatting, where malicious code is added to a legitimate software package, which is then published under a similar name. Researchers at ReversingLabs discovered two legitimate-looking packages, nodejs-encrypt-agent and nodejs-cookie-proxy-agent, that contained unexpected behaviour. The two packages were downloaded 500 and 700 times respectively and were almost certainly responsible for TurkoRat being spread. The malware is designed to steal login credentials and cryptocurrencies from infected machines; it is also capable of taking screenshots. Compromised developer machines can give hackers access to the software development tools and infrastructure of the organisations that the developer works for, leading to a cascade of software supply chain attacks.
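A dependency check a team could run against its own manifests, as an added example that is not code from the report or from ReversingLabs: it flags the two package names reported above and any installed name that resembles an expected dependency. The allowlist, the sample manifests and all function names are assumptions made for the example.

```javascript
// Added example. The denylist holds the two package names reported in the article;
// the allowlist and the sample manifests are constructed for illustration.
const KNOWN_MALICIOUS = new Set(['nodejs-encrypt-agent', 'nodejs-cookie-proxy-agent']);
const EXPECTED = ['agent-base', 'node-cookie-proxy-agent', 'express']; // constructed

// Levenshtein edit distance, computed one row at a time.
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (a[i - 1] === b[j - 1] ? 0 : 1));
    }
    prev = cur;
  }
  return prev[b.length];
}

// Reduce a name to its core by dropping prefixes and separators that lookalike names vary.
const core = (name) => name.toLowerCase().replace(/^(nodejs|node|js)-/, '').replace(/[-_.]/g, '');

// Direct dependencies from package.json plus every installed package in a v2/v3 package-lock.
function collectNames(pkg, lock = {}) {
  const names = new Set();
  for (const field of ['dependencies', 'devDependencies', 'optionalDependencies']) {
    Object.keys(pkg[field] || {}).forEach((n) => names.add(n));
  }
  for (const path of Object.keys(lock.packages || {})) {
    const i = path.lastIndexOf('node_modules/');
    if (i !== -1) names.add(path.slice(i + 'node_modules/'.length)); // handles nested installs
  }
  return names;
}

// Flag denylisted names, then names that are not expected but resemble an expected one.
function auditNames(pkg, lock, expected = EXPECTED) {
  const findings = [];
  for (const name of collectNames(pkg, lock)) {
    if (KNOWN_MALICIOUS.has(name)) { findings.push({ name, reason: 'known-malicious' }); continue; }
    if (expected.includes(name)) continue;
    const near = expected.find((e) => core(e) === core(name) || (e.length > 5 && editDistance(e, name) <= 2));
    if (near) findings.push({ name, reason: 'lookalike', resembles: near });
  }
  return findings;
}
const samplePkg = { dependencies: { express: '^4.18.0', 'nodejs-cookie-proxy-agent': '^1.0.0' } };
const sampleLock = { packages: { '': {}, 'node_modules/express': {}, 'node_modules/expresss': {},
  'node_modules/nodejs-agent-base': {}, 'node_modules/some-lib/node_modules/nodejs-encrypt-agent': {} } };
console.log(auditNames(samplePkg, sampleLock));
```

Reading the lockfile as well as package.json matters because a lookalike can arrive as a transitive dependency that never appears in the project's own manifest.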
Npm Packages Found Hosting TurkoRat Infostealer with Legitimate Appearance