"Once Again, Malware Discovered in npm"

Two packages named "nodejs-encrypt-agent", published to the popular npm JavaScript library registry, were recently found to contain the open-source information-stealing malware TurkoRat. The malicious packages were discovered by ReversingLabs researchers, who report that the perpetrators tried to pass them off as another, legitimate package, agent-base version 6.0.2, which has been downloaded over 20 million times. Checkmarx recently published a report highlighting an emerging trend of threat actors exploiting a gap in npm's handling of certain types of typosquatting, one that has gone unaddressed for years and can lead enterprises to inadvertently download malware. ReversingLabs researchers stated that the discovery of the most recent malicious packages, together with irregularities in their version numbers, was a red flag: in this case, a "strangely high version number" was used to trick developers into downloading what appeared to be a new release of the package. This article continues to discuss the discovery of TurkoRat-poisoned packages in the npm development library. 
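The two red flags in the summary above, a dependency whose name resembles a popular package it is not and a version far ahead of any known release, can be checked mechanically against a lockfile. The script below is an added example, not code from the article, ReversingLabs or Checkmarx; the allowlist and the sample lockfile fragment are constructed for illustration.

```javascript
// Added example (not code from the article, ReversingLabs or Checkmarx): audit the
// "packages" map of a lockfileVersion 2/3 package-lock.json for two signals the
// summary describes: a name that resembles a popular package it is not, and a
// version far ahead of the latest one known for that package.
// KNOWN_LATEST is a constructed allowlist; populate it from your own verified inventory.
const KNOWN_LATEST = { 'agent-base': '6.0.2' };

// Levenshtein edit distance for the confusable-name check.
function editDistance(a, b) {
  const d = Array.from({ length: a.length + 1 }, (_, i) => [i]);
  for (let j = 1; j <= b.length; j++) d[0][j] = j;
  for (let i = 1; i <= a.length; i++)
    for (let j = 1; j <= b.length; j++)
      d[i][j] = Math.min(d[i - 1][j] + 1, d[i][j - 1] + 1,
        d[i - 1][j - 1] + (a[i - 1] === b[j - 1] ? 0 : 1));
  return d[a.length][b.length];
}
// Major component of a version such as "6.0.2" or "^6.0.2".
function majorOf(version) {
  return parseInt(version.replace(/^[^\d]*/, '').split('.')[0], 10);
}
// Returns one finding per suspicious entry; an empty array means nothing was flagged.
function auditLockfile(lockPackages) {
  const findings = [];
  for (const [path, meta] of Object.entries(lockPackages)) {
    if (!path.startsWith('node_modules/') || !meta.version) continue;
    const name = path.slice('node_modules/'.length);
    if (Object.prototype.hasOwnProperty.call(KNOWN_LATEST, name)) {
      // A major version well past the last known release is the "strangely high
      // version number" red flag from the summary.
      if (majorOf(meta.version) > majorOf(KNOWN_LATEST[name]) + 1)
        findings.push({ name, version: meta.version, reason: 'version far ahead of known latest' });
      continue;
    }
    for (const popular of Object.keys(KNOWN_LATEST)) {
      const sharesToken = name.split('-').some((t) => popular.split('-').includes(t));
      if (editDistance(name, popular) <= 2 || sharesToken) {
        findings.push({ name, version: meta.version, reason: `name resembles ${popular}; verify publisher` });
        break;
      }
    }
  }
  return findings;
}

// Constructed sample lockfile fragment (the versions shown are made up, not real ones).
const SAMPLE_LOCK = { 'node_modules/agent-base': { version: '6.0.2' },
  'node_modules/nodejs-encrypt-agent': { version: '6.0.2' } };
console.log(auditLockfile(SAMPLE_LOCK));
```

Both heuristics are coarse by design: a hit means "verify the publisher and the registry history before installing", not "this is malware".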

Dark Reading reports "Once Again, Malware Discovered in npm"
