Atomic and Exodus crypto wallets targeted in malicious npm campaign
Threat actors have been targeting the cryptocurrency community hard lately. The ReversingLabs (RL) research team is continuously tracking an ongoing battle in which cybercriminals and other threat actors use a variety of techniques to hijack popular, legitimate crypto packages and steal everything from Web3 wallet data to crypto funds. But hijacking open ...
Malware found on npm infecting local package with reverse shell
Unlike some other public repositories, the npm package repository is never really quiet. And, while there was some decline in malware numbers between 2023 and 2024, this year's numbers don't seem to continue that downward trend. Still, while RL has detected some interesting npm malware so far this year, ...
A new playground: Malicious campaigns proliferate from VSCode to npm
ReversingLabs researchers have been monitoring multiple public repositories over the past few years. Recently, our team expanded its threat hunting efforts to the VSCode Marketplace, and the researchers started to see an increasing amount of malicious activity. In the past, RL researchers have observed how easy and quick it is ...
Differential analysis raises red flags over @lottiefiles/lottie-player
Malware on public repositories is nothing new. For a couple of years now, ReversingLabs threat researchers have been monitoring npm, PyPI and, more recently, VSCode Marketplace, RubyGems and NuGet for potential malware whose inclusion in the development cycle could cause a supply chain attack. More often than not, malicious packages are ...
Malicious npm package targets AWS users
In recent years, ReversingLabs researchers have made it a priority to monitor public, open source repositories for malicious packages that may lurk on them. The number and frequency of malicious packages has increased steadily as malicious actors turn to software supply chains for an easy route into hundreds, thousands or ...
Malicious helpers: VS Code Extensions observed stealing sensitive information
In the last few years, there has been a dramatic rise (1300%) in supply chain attacks across multiple public repositories. ReversingLabs' researchers have been monitoring them daily to detect malicious packages. After packages are detected, the team notifies the administrators of these public repositories and encourages them to take the offending ...
GitGot: GitHub leveraged by cybercriminals to store stolen data
ReversingLabs researchers have discovered two malicious packages on the npm open source package manager that leverage GitHub to store stolen, Base64-encoded SSH keys lifted from developer systems that installed the malicious npm packages. ...
Typosquatting campaign delivers r77 rootkit via npm
ReversingLabs researchers have identified a new, malicious supply chain attack affecting the npm platform. The "typosquatting" campaign first appeared in August and pushed a malicious package, node-hide-console-windows, which downloaded a Discord bot that facilitated the planting of an open source rootkit, r77. This is the first time ReversingLabs researchers have ...
Fake Roblox packages target npm with Luna Grabber information-stealing malware
ReversingLabs researchers have identified more than a dozen malicious packages on the npm public repository since the beginning of August, including multistage, malicious packages that placed Luna Grabber, an open-source information-stealing malware, on infected systems. In a replay of an attack uncovered two years ago, the malicious packages imitated the ...
Operation Brainleeches: Malicious npm packages fuel supply chain and phishing attacks
Executive Summary: ReversingLabs researchers recently discovered more than a dozen malicious packages published to the npm open source repository that appear to target application end users while also supporting email phishing campaigns targeting Microsoft 365 users. Some key takeaways from our report: ...