
Malicious NPM Packages Caught Exfiltrating Kubernetes Config, SSH Keys
The Sonatype Security Research team has identified an ongoing campaign on the npm registry that uses malicious npm packages to steal Kubernetes configuration files and SSH keys. So far, at least 14 packages have been found, each disguised as a legitimate JavaScript library. The packages contain obfuscated code that collects these sensitive files from the machine on which they are installed. They have been reported to the npm registry admins; the accounts used to publish them are linked to the domain app.threatest.com. The packages have low download counts and are considered malicious. Sonatype's products can help detect and block such packages before they reach development builds.
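The traits the article describes (code that runs at install time, reads of Kubernetes and SSH credential paths, an outbound network call, and obfuscation) are exactly what a pre-install review can look for. The scanner below is an added example written for this page; it is not Sonatype's tooling, not the npm registry's, and not taken from the campaign's packages. It assumes a package's extracted contents are available as a plain object mapping file path to file text, and the package names, heuristic patterns, scoring weights and the two sample packages are all constructed for the demonstration.

```javascript
// Added example (not Sonatype's or npm's code): a heuristic scanner for the
// contents of an npm package tarball. Input is a plain object mapping
// file path -> file text, so it runs offline with no dependencies.

// Indicators of the credential files the article says were collected.
const SENSITIVE_PATH_PATTERNS = [
  /\.kube[\\/]config/i,
  /\bKUBECONFIG\b/,
  /\.ssh[\\/]/,
  /\bid_(?:rsa|ed25519|ecdsa|dsa)\b/,
  /\bauthorized_keys\b/,
  /\bknown_hosts\b/,
];

// Primitives a package would need to send anything off the machine.
const NETWORK_PATTERNS = [
  /\bhttps?\.request\s*\(/,
  /\bfetch\s*\(/,
  /\bnet\.connect\s*\(/,
  /\bdns\.(?:resolve|lookup)\w*\s*\(/,
];

// Common obfuscation markers in malicious npm payloads.
const OBFUSCATION_PATTERNS = [
  /\beval\s*\(/,
  /\bnew\s+Function\s*\(/,
  /String\.fromCharCode/,
  /(?:\\x[0-9a-f]{2}){8,}/i,                  // long run of hex escapes
  /['"`][A-Za-z0-9+\/]{120,}={0,2}['"`]/,     // long base64-looking literal
];

// Lifecycle scripts that execute automatically during `npm install`.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];

function matchAny(text, patterns) {
  return patterns.filter((re) => re.test(text)).map((re) => re.source);
}

// Scan one package and return findings plus a heuristic verdict.
function scanPackage(files) {
  const findings = { installHooks: [], sensitivePaths: [], network: [], obfuscation: [] };

  const manifest = files["package.json"];
  if (manifest) {
    let pkg = null;
    try { pkg = JSON.parse(manifest); } catch (e) { pkg = null; }
    const scripts = (pkg && pkg.scripts) || {};
    for (const hook of INSTALL_HOOKS) {
      if (typeof scripts[hook] === "string") findings.installHooks.push(`${hook}: ${scripts[hook]}`);
    }
  }

  for (const [path, text] of Object.entries(files)) {
    if (!/\.(?:c?js|mjs|ts)$/.test(path)) continue;   // only scan script files
    for (const src of matchAny(text, SENSITIVE_PATH_PATTERNS)) findings.sensitivePaths.push(`${path}: ${src}`);
    for (const src of matchAny(text, NETWORK_PATTERNS)) findings.network.push(`${path}: ${src}`);
    for (const src of matchAny(text, OBFUSCATION_PATTERNS)) findings.obfuscation.push(`${path}: ${src}`);
  }

  // Weights are a constructed heuristic: credential-path reads and an install
  // hook are weighted highest, because together with a network primitive they
  // form the shape of an install-time exfiltration.
  const score =
    (findings.installHooks.length ? 2 : 0) +
    (findings.sensitivePaths.length ? 2 : 0) +
    (findings.network.length ? 1 : 0) +
    (findings.obfuscation.length ? 1 : 0);
  const verdict = score >= 4 ? "block" : score >= 2 ? "review" : "allow";
  return { ...findings, score, verdict };
}

// Constructed sample matching the article's description; the script body is a
// non-functional fragment that only carries the indicators, not a working payload.
const SUSPECT_PACKAGE = {
  "package.json": JSON.stringify({
    name: "example-utils-helper",          // constructed name
    version: "1.0.0",
    scripts: { postinstall: "node index.js" },
  }),
  "index.js": [
    'const kubeconfig = os.homedir() + "/.kube/config";   // credential path',
    'const sshKey = os.homedir() + "/.ssh/id_rsa";         // credential path',
    'const scheme = String.fromCharCode(104, 116, 116, 112, 115); // obfuscation marker',
    'https.request(/* ... */);                              // outbound call',
  ].join("\n"),
};

// Constructed benign sample: no hooks, no credential paths, no network code.
const BENIGN_PACKAGE = {
  "package.json": JSON.stringify({ name: "example-pad", version: "1.0.0", scripts: { test: "node test.js" } }),
  "index.js": "module.exports = (s, n) => String(s).padStart(n);",
};

console.log(scanPackage(SUSPECT_PACKAGE).verdict); // block
console.log(scanPackage(BENIGN_PACKAGE).verdict);  // allow
```

Any single indicator is noisy on its own (plenty of legitimate packages call `fetch`, and some need a `postinstall` step), which is why the verdict is driven by the combination rather than any one match; in a real pipeline the "review" bucket would go to a human before the package is allowed into a build.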