Security News > 2023 > August > Malicious npm Packages Aim to Target Developers for Source Code Theft

An unknown threat actor is leveraging malicious npm packages to target developers with an aim to steal source code and configuration files from victim machines, a sign of how threats lurk consistently in open-source repositories.

They have continuously published malicious packages."

The packages, by design, are configured to execute immediately post-installation by means of a postinstall hook defined in the package.

A common trait that connects all the packages is the use of "Lexi2" as the author in the package.

While the exact goals of the campaign are unclear, the use of package names such as binarium-client, binarium-crm, and rocketrefer suggest that the targeting is geared towards the cryptocurrency sector.

"The cryptocurrency sector remains a hot target, and it's important to recognize that we're not just grappling with malicious packages, but also persistent adversaries whose continuous and meticulously planned attacks date back months or even years," security researcher Yehuda Gelb said.

News URL

https://thehackernews.com/2023/08/malicious-npm-packages-aim-to-target.html