HomeCyber BalkansNpm Packages Found Hosting TurkoRat Infostealer with Legitimate Appearance

Npm Packages Found Hosting TurkoRat Infostealer with Legitimate Appearance

Published on

spot_img

A new report has found that some malicious software is being distributed via trusted software repositories, despite efforts to monitor them. Recently, two packages containing the TurkoRat trojan remained undetected in the repositories for more than two months. The packages relied on typosquatting, where malicious code is added to a legitimate software package, which is then published with a similar name. Researchers, at ReversingLabs, discovered two legitimate-looking packages; nodejs-encrypt-agent and nodejs-cookie-proxy-agent; that contained unexpected behaviour. The two packages were downloaded 500 and 700 times respectively and were almost certainly responsible for TurkoRat being spread. The malware is designed to steal login credentials and cryptocurrencies from infected machines; it is also capable of taking screenshots. Compromised developer machines can give hackers access to the software development tools and infrastructure of the organisations that the developer works for, leading to a cascade of software supply chain attacks.

Source link

Latest articles

Forg365 PhaaS Utilizes Telegram and AI Tactics to Hijack Microsoft 365 Accounts

Forg365: A Commercial Phishing-as-a-Service Platform Targeting Microsoft 365 Users The emergence of Forg365, a sophisticated...

EU Extends Chat Control Rules to 2028

EU Moves Towards Extension of Temporary Child Protection Regulations: Privacy Concerns Emerge The European Union...

281 Android VPN Apps Expose Users to Traffic Leaks, Tracking, and Tunnel Hijacking Issues

A recent security analysis has illuminated significant privacy and security vulnerabilities within a staggering...

UNK MassTraction Aims for Partnerships with US and Canadian Universities

Targeted Cyber Attacks on U.S. and Canadian Universities: The Threat of UNK_MassTraction A newly identified...

More like this

Forg365 PhaaS Utilizes Telegram and AI Tactics to Hijack Microsoft 365 Accounts

Forg365: A Commercial Phishing-as-a-Service Platform Targeting Microsoft 365 Users The emergence of Forg365, a sophisticated...

EU Extends Chat Control Rules to 2028

EU Moves Towards Extension of Temporary Child Protection Regulations: Privacy Concerns Emerge The European Union...

281 Android VPN Apps Expose Users to Traffic Leaks, Tracking, and Tunnel Hijacking Issues

A recent security analysis has illuminated significant privacy and security vulnerabilities within a staggering...