"Malicious npm Packages Found Exfiltrating Sensitive Data from Developers"

Researchers have found a new set of malicious packages on the npm package registry that are designed to steal sensitive developer information. On July 31, 2023, the software supply chain company Phylum discovered the "test" packages, which showed increasing capability and refinement before being removed and re-uploaded under new, legitimate-sounding package names. While the campaign's ultimate goal remains unclear, it is believed to be a highly focused effort directed at the cryptocurrency sector based on references to modules such as "rocketrefer" and "binarium." Malikrukd4732, a npm user, published all of the packages. A feature shared by all the modules is the ability to execute JavaScript ("index.js") capable of exfiltrating sensitive information to a remote server. This article continues to discuss findings regarding the new set of malicious npm packages.

THN reports "Malicious npm Packages Found Exfiltrating Sensitive Data from Developers"