A set of fake npm packages discovered on the Node.js repository has been found to share ties with North Korean state-sponsored actors, new findings from Phylum show.
The packages are named execution-time-async, data-time-utils, login-time-utils, mongodb-connection-utils, and mongodb-execution-utils.
One of the packages in question, execution-time-async, masquerades as its legitimate
A malicious package uploaded to the npm registry has been found deploying a sophisticated remote access trojan on compromised Windows machines.
The package, named "oscompatible," was published on January 9, 2024, attracting a total of 380 downloads before it was taken down.
oscompatible included a "few strange binaries," according to software supply chain security firm Phylum, including a single
Login
FreshRSS