Malware Report
Title
Nascent Malware Campaign Targets npm, PyPI, and RubyGems Developers
Report Author
Phylum Research Team
Published At
1693803600000
Updated At
1693803600000
Description
Phylum has been extremely busy in the past few weeks, reporting on multiple malware campaigns, including malicious updates to npm packages, malware masquerading as a GCC binary, and a package containing a complicated command-and-control setup for data exfiltration. We monitor open-source ecosystems and analyze every package's source code and metadata
Malware Packages (11)
The following malware packages were identified in this report.
| Package Type | Name | Attack Strategy | Package Author | Versions | Description |
|---|---|---|---|---|---|
| NPM Module | @ks-radar/radar | 9.1.10 | Phylum has been extremely busy in the past few weeks, reporting on multiple malware campaigns, including malicious updates to npm packages, malware masquerading as a GCC binary, and a package containing a complicated command-and-control setup for data exfiltration. We monitor open-source ecosystems and analyze every package's source code and metadata | ||
| NPM Module | @ks-radar/radar-chrome-metrics-collect | 9.1.10 | Phylum has been extremely busy in the past few weeks, reporting on multiple malware campaigns, including malicious updates to npm packages, malware masquerading as a GCC binary, and a package containing a complicated command-and-control setup for data exfiltration. We monitor open-source ecosystems and analyze every package's source code and metadata | ||
| NPM Module | @ks-radar/radar-core | 9.1.10 | Phylum has been extremely busy in the past few weeks, reporting on multiple malware campaigns, including malicious updates to npm packages, malware masquerading as a GCC binary, and a package containing a complicated command-and-control setup for data exfiltration. We monitor open-source ecosystems and analyze every package's source code and metadata | ||
| NPM Module | @ks-radar/radar-event-collect | 9.1.10 | Phylum has been extremely busy in the past few weeks, reporting on multiple malware campaigns, including malicious updates to npm packages, malware masquerading as a GCC binary, and a package containing a complicated command-and-control setup for data exfiltration. We monitor open-source ecosystems and analyze every package's source code and metadata | ||
| NPM Module | @ks-radar/radar-navigation-collect | 9.1.10 | Phylum has been extremely busy in the past few weeks, reporting on multiple malware campaigns, including malicious updates to npm packages, malware masquerading as a GCC binary, and a package containing a complicated command-and-control setup for data exfiltration. We monitor open-source ecosystems and analyze every package's source code and metadata | ||
| NPM Module | @ks-radar/radar-resource-collect | 9.1.10 | Phylum has been extremely busy in the past few weeks, reporting on multiple malware campaigns, including malicious updates to npm packages, malware masquerading as a GCC binary, and a package containing a complicated command-and-control setup for data exfiltration. We monitor open-source ecosystems and analyze every package's source code and metadata | ||
| NPM Module | @ks-radar/radar-util | 9.1.10 | Phylum has been extremely busy in the past few weeks, reporting on multiple malware campaigns, including malicious updates to npm packages, malware masquerading as a GCC binary, and a package containing a complicated command-and-control setup for data exfiltration. We monitor open-source ecosystems and analyze every package's source code and metadata | ||
| Pypi Package | dsc-auth | 1.1.1 | Phylum has been extremely busy in the past few weeks, reporting on multiple malware campaigns, including malicious updates to npm packages, malware masquerading as a GCC binary, and a package containing a complicated command-and-control setup for data exfiltration. We monitor open-source ecosystems and analyze every package's source code and metadata | ||
| Rubygem | gunther | 1.1.0 | Phylum has been extremely busy in the past few weeks, reporting on multiple malware campaigns, including malicious updates to npm packages, malware masquerading as a GCC binary, and a package containing a complicated command-and-control setup for data exfiltration. We monitor open-source ecosystems and analyze every package's source code and metadata | ||
| Pypi Package | kwxiaodian | 9.1.10 | Phylum has been extremely busy in the past few weeks, reporting on multiple malware campaigns, including malicious updates to npm packages, malware masquerading as a GCC binary, and a package containing a complicated command-and-control setup for data exfiltration. We monitor open-source ecosystems and analyze every package's source code and metadata | ||
| Pypi Package | openapi-ba | 9.1.10 | Phylum has been extremely busy in the past few weeks, reporting on multiple malware campaigns, including malicious updates to npm packages, malware masquerading as a GCC binary, and a package containing a complicated command-and-control setup for data exfiltration. We monitor open-source ecosystems and analyze every package's source code and metadata | ||
| Package Type | Name | Attack Strategy | Package Author | Versions | Description |