Security News > 2021 > October > Malicious NPM libraries install ransomware, password stealer

Malicious NPM libraries install ransomware, password stealer
2021-10-27 15:00

Malicious NPM packages pretending to be Roblox libraries are delivering ransomware and password-stealing trojans on unsuspecting users.

In a new report by open source security firm Sonatype with further analysis by BleepingComputer, these malicious NPMs are infecting victims with an MBRLocker ransomware that impersonates the notorious GoldenEye ransomware, trollware, and a password stealing trojan.

After the malicious NPM libraries are added to a project and launched, the library will execute a postinstall.

Exe - Installs an MBRLocker called 'Monster Ransomware,' which impersonates the GoldenEye ransomware.

This ransomware does not appear to be widespread and is only known to be distributed via these NPM packages.

Sonatype recently discovered three malicious NPM libraries used to deploy cryptominers on Linux and Windows devices.


News URL

https://www.bleepingcomputer.com/news/security/malicious-npm-libraries-install-ransomware-password-stealer/