Cybersecurity researchers have identified a malicious npm package named "os-info-checker-es6" that uses covert steganography and Google Calendar links to deliver malicious payloads. This campaign shows signs of evolution and sophistication, employing legitimate services to evade detection.
Affected: npm registry, compromised systems, supply chain ecosystem
Keypoints
- Researchers discovered a malicious npm package called "os-info-checker-es6" that disguises itself as an OS utility.
- The campaign employs Unicode steganography and uses Google Calendar links as a covert delivery method.
- The malware's payload is triggered through obfuscated code in later versions, connecting to a remote server.
- Legitimate platforms like Google Calendar are exploited as part of the attack chain to evade detection.
- Defenders are advised to analyze package behaviors, validate dependencies, and monitor outbound traffic to prevent infection.
Read More: https://thehackernews.com/2025/05/malicious-npm-package-leverages-unicode.html