Malware authors have again managed to sneak malicious libraries into npm

Asia's Tech News Daily

Automated malware detection systems have once again flagged several malicious packages lurking in the npm registry.

Masquerading as legitimate JavaScript libraries, the latest round of packages launch cryptominers on Windows, macOS, and Linux machines.

“Once again, this particular discovery is a further indication that developers are the new target for adversaries over the software they write,” writes Sonatype, noting that all the packages were published by the same author.

The Sonatype researchers reported the malicious packages (named okhsa, klow, klown) to npm only hours after their release, and they were unlisted the same day, causing little to no damage.

Unclear intentions

Attacks on public repositories such as JavaScript’s npm and Python’s PyPI aren’t anything new, but they have increased in intensity of late. In fact, a recent report concluded that supply chain attacks aimed at upstream open source public repositories registered a whopping 650% year-on-year increase in 2021.

Npm isn’t immune to these infiltrations, and Sonatype has previously shared that its automated systems have identified over 12000 suspicious and malicious npm packages since 2019.

What’s interesting about these newly flagged (and subsequently removed) packages is that they didn’t employ any of the usual ploys to trick developers into installing them.

“It isn’t clear how the author of these packages aims to target developers. There are no obvious signs observed that indicate a case of typosquatting or dependency hijacking. “Klow(n)” does impersonate the legitimate UAParser.js library on the surface, making this attack seem like a weak brandjacking attempt,” observe the researchers.

Sonatype says it is now expanding the malware detection capabilities that caught the packages in npm to other ecosystems as well, such as PyPI.
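A lockfile check for the three package names the article reports, as an added example (not code from Sonatype or npm): it walks both the nested `dependencies` tree of lockfile v1 and the flat `packages` map of v2/v3, so transitive and aliased installs are reported too. The sample lockfiles, the names `demo-app`, `demo-dep` and `alias-pkg`, and all version strings are constructed.

```javascript
// Added example: audit a parsed package-lock.json for the package names in the article.
const FLAGGED = new Set(['okhsa', 'klow', 'klown']); // names reported in the article

// Lockfile v2/v3: flat "packages" map keyed by install path,
// e.g. "node_modules/demo-dep/node_modules/klow".
function scanPackagesMap(packages) {
  const hits = [];
  for (const [path, meta] of Object.entries(packages)) {
    if (path === '') continue; // root project entry
    // An explicit "name" is present for aliased installs; otherwise derive it from the path.
    const name = meta.name || path.split('node_modules/').pop();
    if (FLAGGED.has(name)) hits.push({ name, version: meta.version, path });
  }
  return hits;
}

// Lockfile v1: nested "dependencies" objects, walked recursively.
function scanDependencyTree(deps, trail = []) {
  const hits = [];
  for (const [name, meta] of Object.entries(deps || {})) {
    const chain = [...trail, name];
    if (FLAGGED.has(name)) hits.push({ name, version: meta.version, path: chain.join(' > ') });
    hits.push(...scanDependencyTree(meta.dependencies, chain));
  }
  return hits;
}

function auditLockfile(lock) {
  // v2 files carry both sections; prefer "packages" to avoid double reporting.
  return lock.packages ? scanPackagesMap(lock.packages) : scanDependencyTree(lock.dependencies);
}

// Constructed sample lockfiles (not real installs; versions are placeholders).
const SAMPLE_V3 = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '0.0.0' },
    'node_modules/ua-parser-js': { version: '0.0.0' },
    'node_modules/demo-dep': { version: '0.0.0' },
    'node_modules/demo-dep/node_modules/klow': { version: '0.0.0' },
    'node_modules/alias-pkg': { name: 'okhsa', version: '0.0.0' },
  },
};
const SAMPLE_V1 = {
  lockfileVersion: 1,
  dependencies: { 'demo-dep': { version: '0.0.0', dependencies: { klown: { version: '0.0.0' } } } },
};

console.log(auditLockfile(SAMPLE_V3), auditLockfile(SAMPLE_V1));
```

To audit a real project, pass `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))` to `auditLockfile`; an empty array means none of the three names is locked anywhere in the tree.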
