Three JavaScript packages were pulled from the npm portal on Thursday for distributing malicious code.
According to the NPM security team, all three JavaScript libraries have opened shells on the computers of the developers who imported the packages into their projects. The term “shell” refers to code allowing potentially malicious actors to remotely connect to the infected computer and execute instructions.
The npm security team has stated that these shells can work on both Windows and * nix operating systems, such as Linux, FreeBSD, OpenBSD, and others.
The packages have been online for almost a year
These three packages were uploaded to the NPM portal almost a year ago, in mid-October 2019. Each module has been downloaded more than 100 times in total since its release. The names of the packages are:
“Any computer on which these packages are installed should be considered totally compromised. All secrets and keys stored on this computer should be immediately changed from another computer, ”warns the NPM security team. “The package must be removed, but since full control of the computer may have been compromised by an outside entity, removing the package is not guaranteed to remove all malware resulting from its installation,” they add. .
The security team regularly scans NPM’s JavaScript library collection, which is considered the largest package manager for any programming language.
Several operations of the same type in the last three months
While malicious packets are routinely removed, the removal of these three packages is the third major packet removal operation in the past three months.
In August, NPM removed a malicious JavaScript library designed to steal sensitive files from an infected user’s browser and the Discord app .
In September, NPM removed four JavaScript libraries used for collecting user data and uploading stolen data to a public GitHub page.
Source: ZDNet.com
Discussion about this post