Malware Report
Title
Targeted npm Malware Attempts to Steal Company Source Code and Secrets
Report Author
Phylum Research Team
Published At
1691038800000
Updated At
1692853200000
Description
This appears to be a slow, on-going attack. Since our initial report, two more packages have been identified as part of this campaign: ng-zulutrade-ssr and binarium-crm. We will provide periodic updates as we identify further publications associated with this campaign.
Malware Packages (18)
The following malware packages were identified in this report.
| Package Type | Name | Attack Strategy | Package Author | Versions | Description |
|---|---|---|---|---|---|
| NPM Module | @rocketrefer/admin-panel | malikrukd4732 | 2.9.9 | ||
| NPM Module | @rocketrefer/components | malikrukd4732 | 1.21.5 | ||
| NPM Module | binarium-client | malikrukd4732 | 4.0.0 | ||
| NPM Module | developer_backup_test521 | malikrukd4732 | 1.999.0 | ||
| NPM Module | developer_backup_test522 | malikrukd4732 | 1.999.0 | ||
| NPM Module | developer_backup_test523 | malikrukd4732 | 1.999.0 | ||
| NPM Module | developer_backup_test524 | malikrukd4732 | 2.999.0 | ||
| NPM Module | developer_backup_test525 | malikrukd4732 | 1.999.0 | ||
| NPM Module | developer_backup_test527 | malikrukd4732 | 1.999.0 | ||
| NPM Module | developer_backup_test528 | malikrukd4732 | 1.999.0 | ||
| NPM Module | developer_backup_test529 | malikrukd4732 | 1.999.0 | ||
| NPM Module | developer_backup_test531 | malikrukd4732 | 1.999.0, 1.999.9, 9.999.0 | ||
| NPM Module | developer_backup_test532 | malikrukd4732 | 1.999.9 | ||
| NPM Module | zip_achive_bp | malikrukd4732 | 1.999.0 | ||
| NPM Module | binarium-crm | malikrukd4732 | 1.9.9 | ||
| NPM Module | casino.web | malikrukd4732 | 1.0.0, 1.0.4, 1.1.2 | ||
| NPM Module | docs-public-api | malikrukd4732 | |||
| NPM Module | ng-zulutrade-ssr | malikrukd4732 | 4.0.0 | ||
| Package Type | Name | Attack Strategy | Package Author | Versions | Description |