Ten malicious npm packages mimicking legitimate projects have been found to download a powerful infostealer capable of stealing sensitive data across multiple operating systems. Despite being reported, these packages remain available, highlighting the ongoing threat posed by typosquatting and sophisticated obfuscation techniques. #npmpackages #typosquatting
Key points
- The malicious packages were uploaded to npm on July 4 and used obfuscation to evade detection.
- They employ a fake CAPTCHA challenge to appear legitimate and execute malware silently after installation.
- The malware collects data from system keyrings, browsers, and saved credentials, then exfiltrates it to a remote server.
- They use typosquatting, misspelled variants of legitimate package names, to trick developers into installing the malicious packages.
- Users are advised to verify package sources carefully and rotate compromised access tokens and passwords.
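As an added defender-side illustration (not code from the report or from the packages it describes), the following Python check flags dependency names that sit within a short edit distance of well-known package names, the pattern typosquatting relies on. The list of well-known names and the sample package.json are constructed for this example; the set should be replaced with the packages an organisation actually depends on.

```python
import json

# Constructed list of well-known names; a real deployment would use its own allow-list.
POPULAR = {"express", "axios", "lodash", "react", "chalk"}

# Constructed sample package.json with two lookalike dependencies.
SAMPLE_PACKAGE_JSON = """{
  "name": "demo-app",
  "dependencies": {"lodash": "^4.17.21", "expresss": "^4.18.0", "react-dom": "^18.2.0"},
  "devDependencies": {"axois": "^1.6.0"}
}"""


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert/delete/substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost))
        prev = cur
    return prev[-1]


def find_lookalikes(names, popular=POPULAR, max_distance=2):
    """Return (dependency, lookalike_target, distance) for near-miss names.

    Exact matches are trusted; only names that are close to, but not equal to,
    a well-known package are reported.
    """
    findings = []
    for name in names:
        lowered = name.lower()
        if lowered in popular:
            continue
        for target in sorted(popular):
            d = levenshtein(lowered, target)
            if 0 < d <= max_distance:
                findings.append((name, target, d))
    return findings


def audit_package_json(text: str, popular=POPULAR):
    """Collect dependencies and devDependencies from package.json and audit them."""
    pkg = json.loads(text)
    deps = {}
    for key in ("dependencies", "devDependencies"):
        deps.update(pkg.get(key, {}))
    return find_lookalikes(deps, popular)


if __name__ == "__main__":
    for dep, target, dist in audit_package_json(SAMPLE_PACKAGE_JSON):
        print(f"suspicious dependency {dep!r}: looks like {target!r} (distance {dist})")
```

The check is deliberately conservative: legitimately different names such as react-dom are not reported because they are several edits away from any allow-listed name.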