silversurfer
Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
- Aug 17, 2014
- 10,057
New malicious NPM packages have been discovered that install the njRAT remote access trojan that allows hackers to gain control over a computer.
NPM is a JavaScript package manager that allows developers and users to download packages and integrate them into their projects. As NPM is an open ecosystem, anyone can upload a new package without being reviewed or scanned for malware. While this environment has led to a repository of 1 million rich and diverse packages, it also makes it easy for threat actors to upload malicious packages.
Today, open-source security firm Sonatype discovered malicious NPM packages masquerading as a legitimate tool to make databases out of JSON files. [...]
Malicious NPM packages used to install njRAT remote access trojan
New malicious NPM packages have been discovered that install the njRAT remote access trojan that allows hackers to gain control over a computer.
www.bleepingcomputer.com