Malware Report
Title
Targeted npm Malware Attempts to Steal Company Source Code and Secrets
Report Author
Phylum Research Team
Published At
1691038800000
Updated At
1691038800000
Description
On July 31, 2023, Phylum's automated risk detection platform alerted us to another series of unusual publications on npm. Within a few hours, we observed the publication of ten different "test" packages. These packages demonstrated increasing functionality and refinement as the attacker seemingly tailored the code for a specific purpose—
Malware Packages (14)
The following malware packages were identified in this report.
| Package Type | Name | Attack Strategy | Package Author | Versions | Description |
|---|---|---|---|---|---|
| NPM Module | @rocketrefer/components | malikrukd4732 | 1.21.5 | ||
| NPM Module | binarium-client | malikrukd4732 | 4.0.0 | ||
| NPM Module | developer_backup_test521 | malikrukd4732 | 1.999.0 | ||
| NPM Module | developer_backup_test522 | malikrukd4732 | 1.999.0 | ||
| NPM Module | developer_backup_test523 | malikrukd4732 | 1.999.0 | ||
| NPM Module | developer_backup_test524 | malikrukd4732 | 2.999.0 | ||
| NPM Module | developer_backup_test525 | malikrukd4732 | 1.999.0 | ||
| NPM Module | developer_backup_test527 | malikrukd4732 | 1.999.0 | ||
| NPM Module | developer_backup_test528 | malikrukd4732 | 1.999.0 | ||
| NPM Module | developer_backup_test529 | malikrukd4732 | 1.999.0 | ||
| NPM Module | developer_backup_test531 | malikrukd4732 | 1.999.0, 1.999.9, 9.999.0 | ||
| NPM Module | developer_backup_test532 | malikrukd4732 | 1.999.9 | ||
| NPM Module | zip_achive_bp | malikrukd4732 | 1.999.0 | ||
| NPM Module | @rocketrefer/admin-panel | malikrukd4732 | 2.9.9 | ||
| Package Type | Name | Attack Strategy | Package Author | Versions | Description |