Several malicious npm packages have been discovered that are capable of harvesting system information and deploying destructive payloads, often while masquerading as legitimate tools. These threats highlight ongoing supply chain attacks within open-source repositories, involving threat actors like xuxingfeng and MUT-9332.
Key points
- Malicious npm packages have been found deploying scripts that exfiltrate system details to Discord-controlled endpoints.
- Attackers created accounts like bbbb335656, cdsfdfafd1232436437, and sdsds656565 to publish these harmful packages.
- Some packages impersonate legitimate libraries but execute destructive actions like file deletion and system shutdown.
- A sophisticated phishing campaign used malicious npm packages to deliver JavaScript code that steals Office 365 credentials.
- Malicious VS Code extensions, such as solaibot and among-eth, target cryptocurrency wallets and disable security features on Windows.
Read More: https://thehackernews.com/2025/05/over-70-malicious-npm-and-vs-code.html