Two malicious NPM packages pretending to be WhatsApp development tools have been found deploying destructive data-wiping code, which can delete files recursively on developers' systems. The packages also contain a dormant function for data exfiltration, and similar malicious Go packages have been identified, targeting Linux and Windows environments. #NPM #WhatsAppSecurity
Keypoints
- Two malicious NPM packages, naya-flore and nvlore-hsc, are disguised as WhatsApp libraries and contain destructive code.
- The packages have been downloaded over 1,100 times and are still available despite takedown requests.
- They execute a file deletion command ("rm -rf *") on the target system, wiping out data recursively.
- A dormant data exfiltration function is present but currently disabled in these packages.
- Additionally, 11 malicious Go packages use obfuscation techniques to execute remote payloads on Linux and Windows systems.
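To check whether a project pulls in either of the two NPM packages named above, directly or through another dependency, the following added example (not code from the original page or from npm) scans a parsed `package.json` and `package-lock.json`. The sample manifest, lockfiles, version strings and the parent package `example-bot-kit` are constructed for illustration, and matching is by exact package name only.

```javascript
// Package names reported on this page.
const FLAGGED = new Set(["naya-flore", "nvlore-hsc"]);

// Lockfile v2/v3 keys are install paths ("node_modules/a/node_modules/b");
// the package name is whatever follows the last "node_modules/".
function nameFromInstallPath(path) {
  const marker = "node_modules/";
  const idx = path.lastIndexOf(marker);
  return idx === -1 ? null : path.slice(idx + marker.length);
}

// Lockfile v1 nests "dependencies" by parent, so walk the tree.
function walkV1(deps, trail, hits) {
  for (const [name, info] of Object.entries(deps || {})) {
    const chain = [...trail, name];
    if (FLAGGED.has(name)) hits.push({ name, version: info.version || null, via: chain.join(" > ") });
    walkV1(info.dependencies, chain, hits);
  }
}

// Returns every direct or transitive occurrence of a flagged package.
function findFlagged(manifest, lock) {
  const hits = [];
  for (const field of ["dependencies", "devDependencies", "optionalDependencies"]) {
    for (const [name, range] of Object.entries((manifest && manifest[field]) || {})) {
      if (FLAGGED.has(name)) hits.push({ name, version: range, via: "package.json " + field });
    }
  }
  if (lock && lock.packages) {
    for (const [path, info] of Object.entries(lock.packages)) {
      const name = nameFromInstallPath(path);
      if (name && FLAGGED.has(name)) hits.push({ name, version: info.version || null, via: path });
    }
  } else if (lock) {
    walkV1(lock.dependencies, [], hits);
  }
  return hits;
}

// Constructed sample data: versions and "example-bot-kit" are made up.
const sampleManifest = { dependencies: { express: "^4.18.0", "naya-flore": "0.0.0" } };
const sampleLockV3 = { lockfileVersion: 3, packages: {
  "": { name: "demo-app" },
  "node_modules/naya-flore": { version: "0.0.0" },
  "node_modules/example-bot-kit/node_modules/nvlore-hsc": { version: "0.0.0" },
} };
const sampleLockV1 = { lockfileVersion: 1, dependencies: {
  "example-bot-kit": { version: "1.0.0", dependencies: { "nvlore-hsc": { version: "0.0.0" } } },
} };
```

In a real project, pass the parsed contents of `package.json` and `package-lock.json`; an empty array means neither name appears in the declared or locked dependency tree.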