"Rogue npm Package Deploys Open-Source Rootkit in New Supply Chain Attack"
A new deceptive package discovered in the npm package registry deploys the open-source rootkit r77, marking the first time a malicious package has provided rootkit functionality. The package, node-hide-console-windows, imitates the legitimate npm package node-hide-console-window as part of a typosquatting campaign. It was downloaded 704 times in the previous two months before being removed. According to ReversingLabs, which detected the activity in August 2023, the package downloaded a Discord bot that facilitated the planting of the open-source rootkit r77. Open-source projects may be increasingly viewed as a means to spread malware. This article continues to discuss the deceptive package hidden within the npm package registry found to be deploying an open-source rootkit.
THN reports "Rogue npm Package Deploys Open-Source Rootkit in New Supply Chain Attack"
Submitted by grigby1
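
The typosquat described above differs from the legitimate name by a single trailing "s", which a dependency review can catch mechanically. The following is an added example, not code from ReversingLabs or the article: it flags dependencies in a manifest whose names sit within a small edit distance of a trusted package name. The allowlist, the sample manifest and the function names are constructed for illustration.

```javascript
// Added example: flag dependency names that nearly match a trusted package name.
// TRUSTED is a constructed allowlist; in practice it would be an organisation's
// vetted package list.
const TRUSTED = ["node-hide-console-window", "express", "lodash"];

// Classic Levenshtein edit distance (insert, delete, substitute), two-row DP.
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = cur;
  }
  return prev[b.length];
}

// Collapse case and separators so "-", "_" and "." variants compare equal.
function normalize(name) {
  return name.toLowerCase().replace(/[-_.]/g, "");
}

// Return dependencies that are not trusted themselves but sit within
// maxDistance edits of a trusted name (hypothetical helper).
function findLookalikes(manifest, trusted = TRUSTED, maxDistance = 2) {
  const deps = Object.keys({ ...manifest.dependencies, ...manifest.devDependencies });
  const findings = [];
  for (const dep of deps) {
    if (trusted.includes(dep)) continue; // exact match to a vetted name
    for (const good of trusted) {
      const d = editDistance(normalize(dep), normalize(good));
      if (d <= maxDistance) findings.push({ dependency: dep, resembles: good, distance: d });
    }
  }
  return findings;
}

// Constructed package.json content for the demonstration.
const sampleManifest = {
  dependencies: { express: "^4.18.2", "node-hide-console-windows": "^1.0.0" },
  devDependencies: { lodash: "^4.17.21" },
};

console.log(findLookalikes(sampleManifest));
```

A finding is a prompt for manual review of the package's publisher and contents, not proof of malice; short trusted names will produce more false positives at the same distance threshold.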