Destructive Malware Available In NPM Repo Went Unnoticed For 2 Years


An anonymous reader quotes a report from Ars Technica: Researchers have found malicious software that received more than 6,000 downloads from the NPM repository over a two-year span, in yet another discovery showing the hidden threats users of such open source archives face. "What makes this campaign particularly concerning is the diversity of attack vectors -- from subtle data corruption to aggressive system shutdowns and file deletion," Pandya wrote. Pandya said that means the threat remains persistent, although in an email he also wrote: "Since all activation dates have passed (June 2023-August 2024), any developer following normal package usage today would immediately trigger destructive payloads including system shutdowns, file deletion, and JavaScript prototype corruption."
