silversurfer
Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
- Aug 17, 2014
- 10,057
A new malicious package has been spotted this week on the npm registry, which targets NodeJS developers using Linux and Apple macOS operating systems.
The malicious package is called "web-browserify," and imitates the popular Browserify npm component downloaded over 160 million times over its lifetime.
web-browserify is itself built by combining hundreds of legitimate open-source components, and performs extensive reconnaissance activities on an infected system.
Moreover, as of today, the ELF malware contained with the component has a zero detection rate by all leading antivirus engines.
This week, a malicious component "web-browserify" was found on the npm registry.
The component was detected by Sonatype's automated malware detection system, Release Integrity, and deemed malicious after analysis by the Sonatype security research team, [...]
New Linux, macOS malware hidden in fake Browserify NPM package
A new malicious package been spotted this week on the npm registry, which targets NodeJS developers using Linux and Apple macOS operating systems for its recon activities. The malicious package is called "web-browserify." It imitates the popular Browserify npm component, downloaded over 160...
www.bleepingcomputer.com