CyberSecurity news

FlagThis

Bill Toulas@BleepingComputer //

Malicious npm Packages Stealing Internal Network Data

Original img attribution: https://www.bleepstatic.com/content/hl-images/2022/07/05/NPM_head_pic.jpg
ImgSrc: www.bleepstatic

Share: bluesky twitterx--v2 facebook--v1 threads


References :
  • bsky.app: Post from Bluesky on BleepingComputer article on malicious NMP packages
  • BleepingComputer: Infosec.Exchange post on malicious NMP packages.
  • www.bleepingcomputer.com: Bleeping Computer article on malicious NMP packages
  • The DefendOps Diaries: Explore the rise of malicious NPM packages and learn how to protect your software development environment from these hidden threats.
  • www.bleepingcomputer.com: Dozens of malicious packages on NPM collect host and network data
  • gbhackers.com: 60 Malicious npm Packages Exfiltrate Hostnames, IP Addresses, and DNS Server Details
  • malware.news: 60 Malicious npm Packages Exfiltrate Hostnames, IP Addresses, and DNS Server Details
  • www.techradar.com: NPM users warned dozens of malicious packages aim to steal host and network data
  • securityonline.info: NPM Recon: Malicious Packages Found Stealing Internal Network IPs and Hostnames
  • The Hacker News: Over 70 Malicious npm and VS Code Packages Found Stealing Data and Crypto
  • securityonline.info: Socket’s Threat Research Team has uncovered an active and expanding malware campaign in the npm ecosystem. More than
Classification:
  • HashTags: #npm #MaliciousPackages #DataExfiltration
  • Company: npm
  • Target: npm users
  • Product: npm
  • Feature: Data theft
  • Type: Malware
  • Severity: Major