by Paul McCarty | Jan 26, 2025 | Uncategorized
SourceCodeRED identified a malicious package deployed on NPM this week. This package was deployed by an NPM user named Zyrudev and named “arcus-cmd-utils”. The package only contained two files: index.js and package.json. When this package was...
by Paul McCarty | Jan 10, 2025 | Uncategorized
Two NPM packages masquerading as legitimate javascript libraries were published to the NPM registry this week. The packages were published by a user named “kamations” and target the marked-js ecosystem. Two of the packages appear to be carbon copies of...
by Paul McCarty | Jan 8, 2025 | Uncategorized
Published January 8, 2025 Every morning I get up and check what malicious packages my detector had found the night before. It’s like someone checking their fishing nets to see what fish they caught. As I was looking at last nights malicious packages I noticed...
