You are not logged in.

Announcement

Welcome to Darknet City forum. One of the most relibable and trusted forum since 2017.

Please read our rulles before place any orders.

Telegram : https://t.me/darknetCity8

Jabber :  Darknetcity@njs.netlab.cz

                                                            mysign                                                         

Since 2017.

mysign

#1 2021-07-23 14:39:52

Spoiler24
Support
From: Singapore
Registered: 2018-03-17
Posts: 544
Deposit: $0

Malicious NPM Package Stealing Users' Passwords

A software package available in the official NPM repository turned out to be a front for a program aimed at stealing stored credentials from the Chrome web browser, according to The Hacker News. After being reported yesterday, the malicious package was removed from the repository.

The malicious package is called "nodejs net server" and has been downloaded more than 1,283 times since February 2019. One questionable detail is that the associated repository leads to non-existent locations on GitHub.

While the original version of the package was only released to test the NPM package publishing process, the developer, named Chrunlee, made revisions with the purpose of implementing a remote shell capability. Then a script ("hxxps:/chrunlee.cn/a.exe") was added to download ChromePass, which was later changed to TeamViewer.

Because of their popularity and ease of use, cybercriminals started to target package repositories

Karlo Zanki, a researcher at ReversingLabs, said the fake NPM package is not malicious by itself, but it can become dangerous if cybercriminals use it in a malicious way.

He explained further that the growing popularity and ease of use of software package repositories make them an excellent target for malware developers. It is uncommon for developers to perform rigorous security checks on existing libraries before including them in their projects, even if they do so to make building critical functionality faster and easier.

He added that the reason for this omission is due to the excessive number of potential vulnerabilities discovered in third-party code. If the package does not fix the problem, the next step is to try another one. This is a risky activity that can lead to the installation of malicious software.

Offline

Registered users online in this topic: 0, guests: 1

Board footer