Fake IP checker utilities on npm are crypto stealers

Recently identified npm packages called "node-request-ip", "request-ip-check" and "request-ip-validator" impersonate handy open source utilities relied upon by developers to retrieve an external IP address but instead target Windows, Linux and macOS users with malicious executables which are trojans and cryptocurrency stealers ...
Lottie Player compromised in supply chain attack — all you need to know

Popular JavaScript library and npm package Lottie Player was compromised in a supply chain attack with threat actors releasing three new versions of the component yesterday, all in a span of a few hours. Understand what this threat means for your business and what you need to do ...
Counterfeit Lodash attack leverages AnyDesk to target Windows users

npm packages identified by Sonatype recently are named similar to the vastly popular JavaScript library, lodash. These packages abuse typosquatting and carry within them a modified version of the AnyDesk utility to target developers using the Windows OS ...
'Netfetcher' package drops illicit 'node' binary on Windows

Recently identified PyPI packages called "netfetcher" and "pyfetcher" impersonate open source libraries and target Windows users with malicious executables that have a zero detection rate among leading antivirus engines. Furthermore, some of these executables are called "node.exe" and even bear the NodeJS icon and metadata, making them evasive and easily ...
Crypto enthusiasts flood npm with more than 281,000 bogus packages overnight

Crypto enthusiasts have lately been flooding software registries like npm and PyPI with thousands of bogus packages that add no functional value and instead put a strain on the entire open source ecosystem. A single instance, recorded by Sonatype in July 2024, saw 281,512 distinct packages appearing on the npmjs.com ...
Ideal typosquat 'solana-py' steals your crypto wallet keys

The legitimate Solana Python API project is known as "solana-py" on GitHub, but simply "solana" on the Python software registry, PyPI. This slight naming discrepancy has been leveraged by a threat actor who published a "solana-py" project on PyPI which, in addition to borrowing real code from the legitimate project, ...
Npm packages conceal macOS malware in 'travis.yml' files, drop bogus "Safari Updates"

Three npm packages identified by Sonatype this week conceal malware in "travis.yml," a CI/CD build configuration file used by Travis CI. These packages contain metadata, description, and code copied from the legitimate "cli-width" package but instead deploy a malicious macOS binary, disguised as "Safari updates." ...
Polyfill.io supply chain attack hits 100,000+ websites — all you need to know

In a significant supply chain attack, over 100,000 websites using Polyfill[.]io, a popular JavaScript CDN service, were compromised ...
Exploit creator selling 250+ reserved npm packages on Telegram

Recently, the Sonatype Security Research team identified more than 250 npm packages which are lucrative and convincing exploits, because these are named exactly like the open source projects coming from Amazon Web Services (AWS), Microsoft, React, CKEditor, among other popular names ...
'cors-parser' npm package hides cross-platform backdoor in PNG files

'cors-parser' is neither a cure for Cross-Origin Resource Sharing (CORS) vulnerabilities nor a "parser" for interpreting same-origin policies of a website. Instead, the npm package employs a form of steganography to download what may appear to be PNG images at first. These "images," however, contain encoded instructions to drop malware ...