NPM packages posing as speed testers install crypto miners instead
14-Feb-23
In actuality, a fresh batch of 16 malicious NPM packages masquerading as internet speed tests are coinminers that use the resources of the infected machine to mine bitcoin for the threat actors. The open-source JavaScript packages were posted to NPM, a website repository used by software developers to distribute over 2.2 million open-source JavaScript packages. On January 17, 2023, CheckPoint identified these packages, which were all posted to NPM by a person going by the name of “trendava.” The next day, NPM deleted them as a result of the company’s report. Although the names of the majority of programmes resemble those of internet speed tests, they are all bitcoin miners. Although having the identical goal, CheckPoint’s researchers discovered that each package uses unique code and working techniques to do its responsibilitie
