Developer Alert: npm Packages for Node.js Hiding Dangerous TurkoRat Malware

19-May-23

Two malicious packages identified in the npm package repository were found to conceal an open source information stealer dubbed TurkoRat. The packages, named nodejs-encrypt-agent and nodejs-cookie-proxy-agent, were downloaded about 1,200 times combined before they were found and pulled down after more than two months.

TurkoRat is an information stealer able to gather private information such as login credentials, website cookies, and data from cryptocurrency wallets, according to ReversingLabs, which broke down the campaign's specifics. While nodejs-encrypt-agent carried the malware inside the package itself, nodejs-cookie-proxy-agent was found to disguise the malware as a dependency called axios-proxy.
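Because one of the packages pulled the malware in as a dependency, a check of `package.json` alone can miss it. The following is an added example, not code from ReversingLabs or the original article: it scans a parsed `package-lock.json` (both the nested version 1 layout and the flat version 2/3 layout) for the three package names mentioned above. The sample lockfiles, their versions and the `some-lib` and `demo-app` names are constructed for illustration.

```javascript
// Package names reported in the article above. Matching is by name only.
const FLAGGED = new Set([
  'nodejs-encrypt-agent',
  'nodejs-cookie-proxy-agent',
  'axios-proxy',
]);

// Scan a parsed package-lock.json, including transitive dependencies.
// Returns [{ name, version, path }] sorted by path.
function findFlagged(lock) {
  const hits = [];
  // lockfileVersion 2/3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const i = path.lastIndexOf('node_modules/');
    if (i === -1) continue; // the "" key is the root project
    const name = path.slice(i + 'node_modules/'.length);
    if (FLAGGED.has(name)) hits.push({ name, version: meta.version, path });
  }
  // lockfileVersion 1: nested "dependencies" tree (skipped when "packages" exists).
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = [...trail, name].join(' > ');
      if (FLAGGED.has(name)) hits.push({ name, version: meta.version, path });
      walk(meta.dependencies, [...trail, name]);
    }
  };
  if (!lock.packages) walk(lock.dependencies, []);
  return hits.sort((a, b) => a.path.localeCompare(b.path));
}

// Constructed sample lockfiles (versions are placeholders).
const sampleV3 = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/nodejs-cookie-proxy-agent': { version: '0.0.0-example' },
    'node_modules/nodejs-cookie-proxy-agent/node_modules/axios-proxy': { version: '0.0.0-example' },
  },
};
const sampleV1 = {
  lockfileVersion: 1,
  dependencies: {
    'some-lib': {
      version: '0.0.0-example',
      dependencies: { 'nodejs-encrypt-agent': { version: '0.0.0-example' } },
    },
  },
};

console.log(findFlagged(sampleV3), findFlagged(sampleV1));
```

To check a real project, pass the result of `JSON.parse` on its `package-lock.json` to `findFlagged`; any hit means the installed tree should be treated as compromised and credentials stored on that machine rotated.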
