Rising Malware Threats Targeting DevOps and Cloud Environments through Exploits of PyPI, npm, and AI Tools

Cybersecurity researchers from SafeDep and Veracode uncovered multiple malicious npm packages designed for remote code execution and payload downloads. Packages like eslint-config-airbnb-compat and solders utilized transitive dependencies and obfuscation techniques to hide their malicious intent, including calling external servers for executing Base64-encoded scripts. The complex attack chain revealed payloads like the Pulsar RAT, a type of Remote Administration Tool. Concurrently, Socket identified threats targeting cryptocurrency ecosystems, including credential stealers and cryptojackers. Meanwhile, the emergence of AI-assisted coding has led to "slopsquatting," where fraudulent package names are generated for exploitation. Lastly, a package named chimera-sandbox-extensions was published on PyPI as a red teaming exercise by Grab, intended to assess security without malicious intent. These findings highlight the evolving sophistication in malware and the need for proactive security measures in software development environments.
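An added example, not code from the researchers or any project named above: a lockfile check that reports which dependency chain pulls in a watchlisted package, since the summary notes these packages hid behind transitive dependencies. The watchlist holds the two npm names from the summary; the sample lockfile and every constructed-* package name in it are made up for illustration.

```javascript
// Watchlist: the two npm package names mentioned in the summary above.
const WATCHLIST = new Set(["eslint-config-airbnb-compat", "solders"]);

// Constructed sample in the package-lock.json "packages" layout (v2/v3).
// All constructed-* names are hypothetical.
const SAMPLE_LOCK = {
  packages: {
    "": { dependencies: { "constructed-lint-preset": "^1.0.0", "constructed-utils": "^2.0.0" } },
    "node_modules/constructed-lint-preset": { version: "1.0.3", dependencies: { "constructed-compat-shim": "^0.1.0" } },
    "node_modules/constructed-compat-shim": { version: "0.1.2", dependencies: { solders: "^1.0.0" } },
    "node_modules/solders": { version: "1.0.1" },
    "node_modules/constructed-utils": { version: "2.4.0" },
  },
};

// Resolve a dependency the way Node does: nearest node_modules first, then outward.
function resolve(packages, fromPath, depName) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + depName;
    if (candidate in packages) return candidate;
    if (base === "") return null;
    const cut = base.lastIndexOf("/node_modules/");
    base = cut === -1 ? "" : base.slice(0, cut);
  }
}

// Breadth-first walk from the root project, so each hit carries its shortest chain.
function findWatchlisted(lock, watchlist = WATCHLIST) {
  const packages = lock.packages || {};
  const hits = [];
  const seen = new Set([""]);
  const queue = [{ path: "", chain: [] }];
  while (queue.length > 0) {
    const { path, chain } = queue.shift();
    const meta = packages[path] || {};
    const deps = { ...meta.dependencies, ...meta.optionalDependencies, ...meta.devDependencies };
    for (const depName of Object.keys(deps)) {
      const target = resolve(packages, path, depName);
      if (target === null || seen.has(target)) continue;
      seen.add(target);
      const via = [...chain, depName];
      if (watchlist.has(depName)) {
        hits.push({ name: depName, version: packages[target].version, via, direct: chain.length === 0 });
      }
      queue.push({ path: target, chain: via });
    }
  }
  return hits;
}

console.log(JSON.stringify(findWatchlisted(SAMPLE_LOCK), null, 2));
```

To check a real project, pass the parsed contents of its package-lock.json to findWatchlisted in place of SAMPLE_LOCK.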
