Malware Report

Title

Typosquatting campaign delivers r77 rootkit via npm

URL

https://www.reversinglabs.com/blog/r77-rootkit-typosquatting-npm-threat-research

Report Author

Lucija Valentić

Description

One “s” is all that separates a legitimate npm package from a malicious twin that delivered the r77 rootkit, and was downloaded more than 700 times, ReversingLabs researchers discovered.

Malware Packages (1)

The following malware packages were identified in this report.

Package Type	Name	Attack Strategy	Package Author	Versions	Description
NPM Module	node-hide-console-windows			1.5.7, 1.5.6, 1.5.4, 1.4.4, 1.3.4, 1.2.4, 1.2.3, 1.2.2, 1.1.2, 1.1.0	One “s” is all that separates a legitimate npm package from a malicious twin that delivered the r77 rootkit, and was downloaded more than 700 times, ReversingLabs researchers discovered.
Package Type	Name	Attack Strategy	Package Author	Versions	Description