Typosquatting campaign delivers r77 rootkit via npm
ReversingLabs discovered that one “s” was all that separated a legit npm package from a malicious twin that delivered the r77 rootkit — and was downloaded more than 700 times.
Lucija Valentić
Software Threat Researcher, ReversingLabs. Lucija works on the TitaniumCore Team.
Posts from Lucija Valentić
Typosquatting campaign delivers r77 rootkit via npm
Fake Roblox packages target npm with Luna Grabber info-stealing malware
ReversingLabs researchers have identified more than a dozen malicious packages targeting Roblox API users on the npm repository. This latest campaign recalls a 2021 attack.
Operation Brainleeches: Malicious npm packages fuel supply chain and phishing attacks
“Write once, infect everywhere” might be the new cybercrime motto, with newly discovered campaigns showing malicious npm packages powering phishing kits and supply chain attacks.
RATs found hiding in the npm attic
ReversingLabs researchers discovered two malicious packages that contained TurkoRat, an open source infostealer that lurked on npm for two months before being detected.
Package names repurposed to push malware on PyPI
What’s in a name? Here's how bad actors are pushing malware on the Python Package Index under the guise of legitimate yet abandoned open source modules.
Developers beware: Imposter HTTP libraries lurk on PyPI
ReversingLabs researchers discovered dozens of malicious packages on Python Package Index that mimic popular libraries
Open-source repository malware sows Havoc
Aabquerys is a malicious npm package discovered typosquatting on a legitimate module that downloads malicious components