Security News > 2025 > March > New npm attack poisons local packages with backdoors

New npm attack poisons local packages with backdoors

2025-03-26 12:00

Two malicious packages were discovered on npm (Node package manager) that covertly patch legitimate, locally installed packages to inject a persistent reverse shell backdoor. [...]

News URL

https://www.bleepingcomputer.com/news/security/new-npm-attack-poisons-local-packages-with-backdoors/

#attack #backdoor #NPM

Related news

Rogue npm Packages Mimic Telegram Bot API to Plant SSH Backdoors on Linux Systems (source)
Ripple's xrpl.js npm Package Backdoored to Steal Private Keys in Major Supply Chain Attack (source)
Ripple NPM supply chain attack hunts for private keys (source)
Supply chain attack hits npm package with 45,000 weekly downloads (source)
Malicious npm Packages Infect 3,200+ Cursor Users With Backdoor, Steal Credentials (source)
Chinese Hackers Deploy MarsSnake Backdoor in Multi-Year Attack on Saudi Organization (source)

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.