npm packages spread 'Bladeroid' crypto-stealer, hijack your Instagram

Sonatype has identified multiple open source packages, named sniperv1 and sniperv2 among others, that infect npm developers with a Windows info-stealer and crypto-stealer called 'Bladeroid.' ...

Two Campaigns Drop Malicious Packages into NPM

The popular NPM code registry continues to be a target of bad actors looking to sneak their malicious packages into open-source code used by software developers. Researchers with Fortinet’s FortiGuard Labs this ...
Security Boulevard

Remember npm library ‘colors’? There’s no such thing as ‘colors-2.0’

The popular npm package 'colors' made headlines earlier this year when its dev Marak Squires sabotaged the component by adding an infinite loop to it, printing zalgo text incessantly for everyone ...

There’s a RAT in my code: new npm malware with Bladabindi trojan spotted

Over the Thanksgiving weekend, Sonatype discovered new malware within the npm registry. This time, the typosquatting packages identified by us are laced with a popular Remote Access Trojan (RAT) ...

Trick or treat: that `twilio-npm` package is brandjacking malware in disguise!

As if the increasing attacks on the open source ecosystem and vulnerabilities making headlines weren’t scary enough, this Halloween devs were exposed to another malicious trick. ...

Sonatype finds malicious npm packages which broadcast your IP, username, and device fingerprint info on the web

Sonatype researchers discovered and confirmed the presence of two new vulnerable npm packages. Sonatype’s discovery was initially made by its malicious code detection bots. By applying machine learning and artificial intelligence to ...

Nexus Intelligence Insights: Sonatype-2020-0003 – npm malicious package 1337qq-js

Happy New Year! Nexus Intelligence Insights is back with an open source component vulnerability that turns out to be not so bad after all ...
