Developer Alert NPM Packages for Node.js Hiding Dangerous TurkoRat Malware


An open source information thief virus dubbed TurkoRat was revealed to be concealed by two malicious packages that were identified in the npm package repository. The packages, which went by the names nodejs-encrypt-agent and nodejs-cookie-proxy-agent, were downloaded about 1,200 times combinedly before they were found and pulled down after more than two months.

TurkoRat is a data thief with the ability to gather private information like login credentials, website cookies, and information from cryptocurrency wallets, according to ReversingLabs, which broke down the campaigns specifics. While nodejs-encrypt-agent already had the malware installed, it was discovered that nodejs-cookie-proxy-agent had the malware covered up as a dependency called axios-proxy.

Read More…