January 2025

Malicious NPM package infects developers with new infostealer malware

by Paul McCarty | Jan 26, 2025 | Uncategorized

SourceCodeRED identified a malicious package deployed on NPM this week. This package was deployed by an NPM user named Zyrudev and named “arcus-cmd-utils”. The package only contained two files: index.js and package.json. When this package was...

Malicious NPM packages target marked-js library

by Paul McCarty | Jan 10, 2025 | Uncategorized

Two NPM packages masquerading as legitimate javascript libraries were published to the NPM registry this week. The packages were published by a user named “kamations” and target the marked-js ecosystem. Two of the packages appear to be carbon copies of...

Snyk security researcher deploys malicious NPM packages targeting Cursor.com

by Paul McCarty | Jan 8, 2025 | Uncategorized

Published January 8, 2025 Every morning I get up and check what malicious packages my detector had found the night before. It’s like someone checking their fishing nets to see what fish they caught. As I was looking at last nights malicious packages I noticed...

Malicious NPM package infects developers with new infostealer malware

Malicious NPM packages target marked-js library

Snyk security researcher deploys malicious NPM packages targeting Cursor.com

Recent Posts

Recent Comments

Archives

Categories