
Ethereum contracts push malware on npm
RL discovered how the crypto contracts were abused — and how this incident is tied to a larger campaign to promote malicious packages on top repositories.

Lucija Valentić: Software Threat Researcher, ReversingLabs. Lucija works on the TitaniumCore Team.

RL has discovered a loophole on VS Code Marketplace that allows threat actors to reuse legitimate, removed package names for malicious purposes.

RL researchers have identified yet another npm package that uses malicious patching of local software to hijack cryptocurrency transfers.

For the first time, RL researchers discover malicious locally-installed npm packages infecting other legitimate packages.

To avoid compromised packages being introduced as a dependency in a larger project, security teams need to keep an eye peeled for such malicious code.

Three versions of the popular package were infected and used to spread malicious code that was stealing crypto wallet assets.

The history of the package is a lesson in why tracking open source threats is such a challenge — and highlights the value of RL's new Spectra Assure Community.

Two newly discovered extensions on the VS Code Marketplace are designed to steal sensitive information, showing that open source attacks are expanding.

ReversingLabs researchers found two suspicious npm packages that demonstrate how GitHub is increasingly being used to easily deploy malware in novel ways.