Researchers have found another 17 malicious packages in an open source repository, as the use of such repositories to spread malware continues to flourish. This time, the malicious code was found in NPM, where 11 million developers trade more than 1 million packages among each other.

Many of the 17 malicious packages appear to have been spread by different threat actors who used varying techniques and amounts of effort to trick developers into downloading malicious wares instead of the benign ones intended. This latest discovery continues a trend first spotted a few years ago, in which miscreants sneak information stealers, keyloggers, or other types of malware into packages available in NPM, RubyGems, PyPI, or another repository. In many cases, the malicious package has a name that’s a single letter different than a legitimate package. Often, the malicious package includes the same code and functionality as the package being impersonated and adds concealed code that carries out additional nefarious actions.

“We are witnessing a recent barrage of malicious software hosted and delivered through open-source software repositories,” JFrog researchers Andrey Polkovnychenko and Shachar Menashe wrote on Wednesday. “Public repositories have become a handy instrument for malware distribution: the repository’s server is a trusted resource, and communication with it does not raise the suspicion of any antivirus or firewall. In addition, the ease of installation via automation tools such as the npm client, provides a ripe attack vector.”

Most of the packages JFrog flagged stole credentials or other information for Discord servers. Discord has become a popular platform for people to communicate through text, voice, and video. Compromised servers can be used as command and control channels for botnets or as a proxy when downloading data from a hacked server.
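The "single letter different" naming pattern described above is something a project can check for before `npm install` ever runs. The following is an added example, not code from the article or from JFrog: it reads a package.json manifest and flags any declared dependency whose name is within one edit (insertion, deletion, substitution or adjacent transposition) of a well-known package name while not matching it exactly. The allowlist of well-known names and the sample manifest are constructed for the demonstration; a real deployment would load an organisation's vetted dependency list or the registry's most-downloaded packages instead.

```javascript
// Added example (not from the article or JFrog): flag near-miss dependency names
// in a package.json, the typosquatting pattern described in the text.

// Constructed allowlist of well-known package names. Assumption: in practice this
// would be the organisation's vetted list or the registry's top-N packages.
const KNOWN_PACKAGES = ["express", "lodash", "react", "axios", "chalk", "commander"];

// Constructed package.json for the demonstration. "lodahs" and "axois" are
// deliberate near-misses of real names; "jest" is an unrelated, legitimate name.
const SAMPLE_PACKAGE_JSON = JSON.stringify({
  name: "demo-app",
  dependencies: { express: "^4.18.2", lodahs: "1.0.0", axois: "0.1.2", chalk: "^5.0.0" },
  devDependencies: { jest: "^29.0.0" },
});

// Optimal string alignment distance: Levenshtein plus adjacent transpositions,
// so "lodahs" vs "lodash" counts as a single edit rather than two.
function editDistance(a, b) {
  const d = Array.from({ length: a.length + 1 }, () => new Array(b.length + 1).fill(0));
  for (let i = 0; i <= a.length; i++) d[i][0] = i;
  for (let j = 0; j <= b.length; j++) d[0][j] = j;
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      d[i][j] = Math.min(
        d[i - 1][j] + 1,        // deletion
        d[i][j - 1] + 1,        // insertion
        d[i - 1][j - 1] + cost, // substitution (or match)
      );
      if (i > 1 && j > 1 && a[i - 1] === b[j - 2] && a[i - 2] === b[j - 1]) {
        d[i][j] = Math.min(d[i][j], d[i - 2][j - 2] + 1); // adjacent transposition
      }
    }
  }
  return d[a.length][b.length];
}

// Returns one finding per (dependency, well-known name) pair within maxDistance edits.
// Exact matches are skipped: those are the packages the developer actually meant.
function findSuspiciousDependencies(packageJsonText, knownPackages = KNOWN_PACKAGES, maxDistance = 1) {
  const manifest = JSON.parse(packageJsonText);
  const declared = { ...(manifest.dependencies || {}), ...(manifest.devDependencies || {}) };
  const known = new Set(knownPackages);
  const findings = [];
  for (const name of Object.keys(declared)) {
    if (known.has(name)) continue;
    for (const candidate of knownPackages) {
      const distance = editDistance(name, candidate);
      if (distance <= maxDistance) {
        findings.push({ dependency: name, resembles: candidate, distance });
      }
    }
  }
  return findings;
}

// Usage: run the check over the constructed manifest and report each near-miss.
for (const f of findSuspiciousDependencies(SAMPLE_PACKAGE_JSON)) {
  console.log(`suspicious dependency "${f.dependency}" resembles "${f.resembles}" (distance ${f.distance})`);
}
```

Scoped names (`@scope/name`) are compared as written here; a stricter check would also compare the unscoped part against the allowlist, since impersonating a popular name under a fresh scope is a variant of the same trick. The distance threshold of one edit is a deliberate trade-off: raising it catches more look-alikes but also flags unrelated short names, so findings should be reviewed rather than blocked automatically.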