The popular NPM JavaScript package manager and registry has been hit with an influx of malicious packages, the most harmful of which are related to data theft, crypto mining, botnets, and remote code execution, according to research from security company WhiteSource.
WhiteSource’s automated malware detection platform, WhiteSource Diffend, detected a total of 1,300 malicious packages on NPM, within a period of six months ended December 2021.
All the malicious packages identified by WhiteSource were notified to NPM and were subsequently removed from the package registry.
More Stories
Cybercriminals Hesitant About Using Generative AI
An analysis of dark web forums revealed many threat actors are skeptical about using tools like ChatGPT to launch attacks...
For want of a cyber nail the kingdom fell
An old proverb, dating to at least the 1360’s, states: "For want of a nail, the shoe was lost, for...
Americans Receive Two Billion Spam Calls Per Month
Truecaller warns malicious calls make up the majority Read More
CISA Warns Congress on Chemical Industry Terror Attacks
Security agency wants to resume critical CFATS inspections Read More
Securing the software supply chain webinar
Join me, and the experts from JFrog, for a discussion about software supply chain security on December 5 2023. Read...
Ukraine Police Dismantle Major Ransomware Group
Affiliate deployed LockerGoga, MegaCortex, Hive and Dharma Read More