Security News > 2023 > May > Developer Alert: NPM Packages for Node.js Hiding Dangerous TurkoRat Malware
Two malicious packages discovered in the npm package repository have been found to conceal an open source information stealer malware called TurkoRat.
The findings once again underscore the ongoing risk of threat actors orchestrating supply chain attacks via open source packages and baiting developers into downloading potentially untrusted code.
The growing use of malicious npm packages fits in with a broader pattern of surging attacker interest in open source software supply chains, not to mention highlighting the increasing sophistication of threat actors.
Even more worryingly, researchers from Checkmarx published new research this month that showed how threat actors could impersonate authentic npm packages by "Using lowercase letters to mimic uppercase letters in the original package names".
The supply chain security company found that 1,900 out of 3,815 packages with capital letters in their titles could have been at risk of copycat attacks if not for a fix pushed by the npm maintainers to address the problem, which, Checkmarx said, has existed since December 2017.
Some of these packages were designed to distribute a cryptocurrency clipper malware dubbed KEKW, while other typosquatted versions of the popular flask framework included backdoor functions to receive commands from a remote server.
News URL
https://thehackernews.com/2023/05/developer-alert-npm-packages-for-nodejs.html
Related news
- BeaverTail Malware Resurfaces in Malicious npm Packages Targeting Developers (source)
- Malware Campaign Uses Ethereum Smart Contracts to Control npm Typosquat Packages (source)
- Malicious NPM Packages Target Roblox Users with Data-Stealing Malware (source)
- Rspack npm Packages Compromised with Crypto Mining Malware in Supply Chain Attack (source)