
Concealed backdoor in fake AWS files escaped mainstream notice


Files available on the open source NPM repository underscore a growing sophistication.

Researchers have determined that two fake AWS packages downloaded hundreds of times from the open source NPM JavaScript repository contained carefully concealed code that backdoored developers' computers when executed. The care the package developers put into the code and the effectiveness of their tactics underscore the growing sophistication of attacks targeting open source repositories, which besides NPM have included PyPI, GitHub, and RubyGems. Beyond the sophistication of the concealment method, the entity behind the packages devoted large amounts of time to producing high-quality code for open source projects in a successful effort to build trust with other developers.
