Thousands Download Malicious npm Libraries Impersonating Legitimate Tools

Threat actors have been observed uploading malicious typosquats of legitimate npm packages such as typescript-eslint and @types/node that have racked up thousands of downloads on the package registry. The counterfeit versions, named @typescript_eslinter/eslint and types-node, are engineered to download a trojan and retrieve second-stage payloads, respectively. “While typosquatting attacks are

December 19, 2024

Threat actors have been observed uploading malicious typosquats of legitimate npm packages such as typescript-eslint and @types/node that have racked up thousands of downloads on the package registry.
The counterfeit versions, named @typescript_eslinter/eslint and types-node, are engineered to download a trojan and retrieve second-stage payloads, respectively.
“While typosquatting attacks are

Thousands Download Malicious npm Libraries Impersonating Legitimate Tools

Leave a Reply Cancel reply

Related Posts

LockBit Developer Rostislav Panev Charged for Billions in Global Ransomware Damages

Lazarus Group Spotted Targeting Nuclear Engineers with CookiePlus Malware

Sophos Issues Hotfixes for Critical Firewall Flaws: Update to Prevent Exploitation