Security News > 2025 > March > New npm attack poisons local packages with backdoors

2025-03-26 12:00
Two malicious packages were discovered on npm (Node package manager) that covertly patch legitimate, locally installed packages to inject a persistent reverse shell backdoor. [...]
News URL
https://www.bleepingcomputer.com/news/security/new-npm-attack-poisons-local-packages-with-backdoors/
Related news
- North Korea targets crypto developers via NPM supply chain attack (source)
- New ‘Rules File Backdoor’ Attack Lets Hackers Inject Malicious Code via AI Code Editors (source)
- Malicious npm Package Modifies Local 'ethers' Library to Launch Reverse Shell Attacks (source)
- New SparrowDoor Backdoor Variants Found in Attacks on U.S. and Mexican Organizations (source)