New Linux, macOS malware hidden in fake Browserify NPM package

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,057
A new malicious package has been spotted this week on the npm registry, which targets NodeJS developers using Linux and Apple macOS operating systems.

The malicious package is called "web-browserify," and imitates the popular Browserify npm component downloaded over 160 million times over its lifetime.

web-browserify is itself built by combining hundreds of legitimate open-source components, and performs extensive reconnaissance activities on an infected system.

Moreover, as of today, the ELF malware contained with the component has a zero detection rate by all leading antivirus engines.

This week, a malicious component "web-browserify" was found on the npm registry.

The component was detected by Sonatype's automated malware detection system, Release Integrity, and deemed malicious after analysis by the Sonatype security research team, [...]
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top