MALWARE ALERT New Linux, macOS malware hidden in fake Browserify NPM package


Level 71
Content Creator
Malware Hunter
Aug 17, 2014
A new malicious package has been spotted this week on the npm registry, which targets NodeJS developers using Linux and Apple macOS operating systems.

The malicious package is called "web-browserify," and imitates the popular Browserify npm component downloaded over 160 million times over its lifetime.

web-browserify is itself built by combining hundreds of legitimate open-source components, and performs extensive reconnaissance activities on an infected system.

Moreover, as of today, the ELF malware contained with the component has a zero detection rate by all leading antivirus engines.

This week, a malicious component "web-browserify" was found on the npm registry.

The component was detected by Sonatype's automated malware detection system, Release Integrity, and deemed malicious after analysis by the Sonatype security research team, [...]