48 Malicious npm Packages Found Deploying Reverse Shells on Developer Systems

The npm repository now contains 48 new malicious npm packages that can be used to install a reverse shell on infected systems. Software supply chain security company Phylum claimed, “These packages, deceptively named to appear legitimate, contained obfuscated JavaScript designed to initiate a reverse shell on package install.”

A user on npm called hktalent (GitHub, X) has released all of the fake packages. 39 of the items that the author posted are still downloadable as of this writing. Through an install hook in the package, the attack chain is started after the package is installed.json that creates a reverse shell to rsh.51pwn[.]com by invoking a JavaScript function.

48 Malicious npm Packages Found Deploying Reverse Shells on Developer Systems

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address

48 Malicious npm Packages Found Deploying Reverse Shells on Developer Systems

03-Nov-23

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address