"Malicious NPM Packages Exfiltrate Hundreds of Developer SSH Keys via GitHub"

Two malicious packages on the NPM package registry use GitHub to store Base64-encrypted SSH keys stolen from developer systems. One module was downloaded 412 times, and the other was downloaded 1,281 times before being removed by the NPM maintainers. The software supply chain security company ReversingLabs, which made the discovery, noted that there were eight different versions of one module and more than 30 versions of the other. Both modules run a postinstall script after installation, with each capable of retrieving and executing a different JavaScript file. This article continues to discuss findings regarding the malicious NPM packages.

THN reports "Malicious NPM Packages Exfiltrate Hundreds of Developer SSH Keys via GitHub"

Submitted by grigby1

Submitted by Gregory Rigby on