Malicious NPM packages used to install njRAT remote access trojan

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,057
New malicious NPM packages have been discovered that install the njRAT remote access trojan that allows hackers to gain control over a computer.

NPM is a JavaScript package manager that allows developers and users to download packages and integrate them into their projects. As NPM is an open ecosystem, anyone can upload a new package without being reviewed or scanned for malware. While this environment has led to a repository of 1 million rich and diverse packages, it also makes it easy for threat actors to upload malicious packages.

Today, open-source security firm Sonatype discovered malicious NPM packages masquerading as a legitimate tool to make databases out of JSON files. [...]
 

silversurfer

On January 16th, Sonatype became aware of 3 malicious packages that were published to npm, and leveraged brandjacking and typosquatting techniques that we previously warned about.
The names of the packages are:
| npm package | versions | Published to npm by |
|---|---|---|
| an0n-chat-lib | 0.1.0 to 0.1.5 | scp173-deleted |
| discord-fix | 0.0.1, 0.0.2 | scp173-deleted |
| sonatype | 2.0.3 to 2.0.7 | scp173-deleted |

Sonatype’s Security Research Team has also determined the actor(s) who authored these packages are the authors of the CursedGrabber Discord malware family which was discovered by Sonatype in November of 2020.
“These packages contain variations of Discord token stealing code from Discord malware discovered by Sonatype on numerous occasions” states Sonatype Security Researcher Ax Sharma, who led the technical analysis against this malware campaign. [1, 2]
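
Added example (not part of the posts above or of Sonatype's report): a Node.js check that walks a parsed `package-lock.json` and reports any entry matching the three package names and version ranges in the table, including transitive installs. The sample lockfile and the helper names `cmp`, `isFlagged` and `scanLockfile` are constructed for illustration.

```javascript
// Names and version ranges are those in the table in the post above.
const FLAGGED = [
  { name: 'an0n-chat-lib', min: '0.1.0', max: '0.1.5' },
  { name: 'discord-fix', min: '0.0.1', max: '0.0.2' },
  { name: 'sonatype', min: '2.0.3', max: '2.0.7' },
];
// Numeric x.y.z comparison; pre-release/build suffixes are ignored.
function cmp(a, b) {
  const [pa, pb] = [a, b].map(v => v.split(/[-+]/)[0].split('.').map(Number));
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}
function isFlagged(name, version) {
  return typeof version === 'string' && FLAGGED.some(f =>
    f.name === name && cmp(version, f.min) >= 0 && cmp(version, f.max) <= 0);
}
// Walk a parsed package-lock.json: the flat "packages" map (lockfileVersion 2/3)
// and the nested "dependencies" tree (lockfileVersion 1), covering transitive installs.
function scanLockfile(lock) {
  const hits = new Set();
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const name = meta.name || path.split('node_modules/').pop();
    if (isFlagged(name, meta.version)) hits.add(`${name}@${meta.version}`);
  }
  const walk = (deps) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      if (isFlagged(name, meta.version)) hits.add(`${name}@${meta.version}`);
      walk(meta.dependencies);
    }
  };
  walk(lock.dependencies);
  return [...hits].sort();
}

// Constructed sample lockfile, not from a real project.
const sampleLock = {
  packages: {
    'node_modules/some-bot/node_modules/discord-fix': { version: '0.0.2' },
    'node_modules/sonatype': { version: '2.0.8' }, // outside the listed range
  },
  dependencies: {
    'some-bot': { version: '1.2.0', dependencies: { 'an0n-chat-lib': { version: '0.1.3' } } },
  },
};
console.log(scanLockfile(sampleLock));
```

To check a real project, pass `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))` to `scanLockfile`; a hit outside the listed versions still deserves a manual look, since the table only covers what Sonatype reported.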
 
