#npm-malware

[ follow ]
#credential-theft #supply-chain-attack #email-exfiltration #supply-chain-attacks #software-supply-chain
#supply-chain-attacks
fromtheregister
5 hours ago
Information security

Shai-Hulud copycat worm infects yet another npm package

A Shai-Hulud credential-stealing worm clone appeared in a malicious npm package, alongside three other infostealer packages from the same npm user.
fromSecurityWeek
17 hours ago
Information security

First Shai-Hulud Worm Clones Emerge

Shai-Hulud worm source code release enabled rapid cloning and renewed supply-chain attacks targeting open source package ecosystems.
Information security
fromtheregister
5 hours ago

Shai-Hulud copycat worm infects yet another npm package

A Shai-Hulud credential-stealing worm clone appeared in a malicious npm package, alongside three other infostealer packages from the same npm user.
more#supply-chain-attacks
Node JS
fromnews.bitcoin.com
3 days ago

822K Downloads at Risk: Malicious node-ipc Versions Spotted Stealing AWS and Private Keys

Three tainted node-ipc releases automatically steal developer and cloud credentials via DNS tunneling, affecting projects that installed or updated them.
Information security
fromtheregister
6 days ago

Cache-poisoning caper turns TanStack npm packages toxic

Eighty-four malicious TanStack npm package versions stole credentials, self-propagated, and wiped disks after poisoning GitHub Actions caches and extracting npm OIDC tokens.
fromThe Hacker News
2 months ago

Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens

"The sample retains Shai-Hulud hallmarks and adds GitHub API exfiltration with DNS fallback, hook-based persistence, SSH propagation fallback, MCP server injection with embedded prompt injection targeting AI coding assistants, and LLM API Key harvesting," the company said. The packages, published to npm by two npm publisher aliases, official334 and javaorg, are listed below - Also identified are four sleeper packages that do not incorporate any malicious features -
Information security
Information security
fromThe Hacker News
4 months ago

Researchers Spot Modified Shai-Hulud Worm Testing Payload on npm Registry

A new, modified Shai Hulud npm malware strain was uploaded via @vietmoney/react-big-calendar, showing obfuscated code and potential worm-like supply-chain propagation.
Information security
fromThe Hacker News
4 months ago

Fake WhatsApp API Package on npm Steals Messages, Contacts, and Login Tokens

A malicious npm package named 'lotusbail' functions as a WhatsApp API while stealing authentication tokens, messages, contacts, media, and creating persistent account access.
#software-supply-chain
more#software-supply-chain
Information security
fromThe Hacker News
5 months ago

Seven npm Packages Use Adspect Cloaking to Trick Victims Into Crypto Scam Pages

Seven npm packages used the Adspect cloaking service to fingerprint visitors and selectively redirect real victims to malicious crypto-themed sites while evading security researchers.
Information security
fromTheregister
7 months ago

Fake Postmark MCP npm package stole emails with one-liner

A malicious npm package impersonating Postmark's MCP secretly BCC'd outgoing emails to an attacker, likely exfiltrating thousands of sensitive messages daily.
Information security
fromIT Pro
7 months ago

A malicious MCP server is silently stealing user emails

A malicious MCP server repackaged as Postmark on npm exfiltrated thousands of emails by adding a BCC line, exploiting full assistant privileges and bypassing security controls.
Information security
fromThe Hacker News
8 months ago

Malicious npm Packages Impersonate Flashbots, Steal Ethereum Wallet Keys

Four npm packages impersonating Flashbots exfiltrate Ethereum private keys and mnemonic seeds to a Telegram bot and redirect unsigned transactions to attacker-controlled wallets.
[ Load more ]