There’s a RAT in my code: new npm malware with Bladabindi trojan spotted

Over the Thanksgiving weekend, Sonatype discovered new malware within the npm registry. This time, the typosquatting packages identified by us are laced with a popular Remote Access Trojan (RAT).

Trick or treat: that `twilio-npm` package is brandjacking malware in disguise!

As if the increasing attacks on the open source ecosystem and the vulnerabilities making headlines weren’t scary enough, this Halloween devs were exposed to another malicious trick.

Sonatype finds malicious npm packages which broadcast your IP, username, and device fingerprint info on the web

Sonatype researchers discovered and confirmed the presence of two new vulnerable npm packages. Sonatype’s discovery was initially made by its malicious code detection bots. By applying machine learning and artificial intelligence to identify suspi…

Nexus Intelligence Insights: Sonatype-2020-0003 – npm malicious package 1337qq-js

Happy New Year! Nexus Intelligence Insights is back with an open source component vulnerability that turns out to be not so bad after all. 