by Paul McCarty | Jan 26, 2025 | Uncategorized
SourceCodeRED identified a malicious package deployed on NPM this week. This package was deployed by an NPM user named Zyrudev and named “arcus-cmd-utils”. The package only contained two files: index.js and package.json. When this package was...
by Paul McCarty | Jan 10, 2025 | Uncategorized
Two NPM packages masquerading as legitimate javascript libraries were published to the NPM registry this week. The packages were published by a user named “kamations” and target the marked-js ecosystem. Two of the packages appear to be carbon copies of...
by Paul McCarty | Jan 8, 2025 | Uncategorized
Published January 8, 2025 Every morning I get up and check what malicious packages my detector had found the night before. It’s like someone checking their fishing nets to see what fish they caught. As I was looking at last nights malicious packages I noticed...
by Paul McCarty | Dec 28, 2024 | Uncategorized
SourceCodeRED identified two malicious packages deployed on NPM today (December 27th, 2024) These packages were deployed by an NPM user named shulkwisec. The two packages are “baby-electron” and “baby-electrona”. What does the malware...
by Paul McCarty | Dec 18, 2024 | Uncategorized
A new malware payload is being delivered via NPM packages. The NPM user named hi_ops published seven packages that are deploying a new MacOS malware. How is the malware delivered? The delivery mechanism is pretty simple. The NPM package has only one file:...
