all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Fake 'distube-config' npm package drops Windows info-stealing malware

Add to bookmarks
Jan. 24, 2024, 3:08 p.m. | Ax Sharma

Sonatype Blog blog.sonatype.com




Sonatype has identified two npm packages distube-config and discordyt that typosquat open source packages like Discord modules, in an attempt to infect Windows users with a Trojan. Our security researcher, Juan Aguirre, who analyzed the malware shares some insights.

config discord drops fake infect info info-stealing malware insights malware modules npm npm package open source open source packages package packages researcher security security researcher sonatype stealing trojan vulnerabilities windows

Visit resource

More from blog.sonatype.com / Sonatype Blog

The new Sonatype Learn: Self-service educational materials where and when you need them 2 days, 3 hours ago | blog.sonatype.com
courses devops educational industry +15
The new Sonatype Learn: Self-service educational materials where and when you need them 2 days, 8 hours ago | blog.sonatype.com
courses devops educational industry +15
Enhance security with Sonatype Lifecycle and ServiceNow Application Vulnerability Response (AVR) integration 2 days, 10 hours ago | blog.sonatype.com
application application vulnerability integration integrations +14
Enhance security with Sonatype Lifecycle and ServiceNow Application Vulnerability Response (AVR) integration 2 days, 11 hours ago | blog.sonatype.com
application application vulnerability integration integrations +14
Sonatype Lifecycle best practices: InnerSource 3 days, 4 hours ago | blog.sonatype.com
best practices code code quality collaboration +9
Take control of your InnerSource components with InnerSource Insight 4 days, 6 hours ago | blog.sonatype.com
components control developers easier +11
A guide for open source software (OSS) security 1 week, 1 day ago | blog.sonatype.com
critical devzone evaluation guide +17
Sonatype Lifecycle best practices: Reference policies, backup and restore 1 week, 4 days ago | blog.sonatype.com
backup backup and restore best practices can +26
Sonatype Lifecycle best practices: Reference policies, backup and restore 1 week, 4 days ago | blog.sonatype.com
backup backup and restore best practices can +24

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

Information Security Engineers

@ D. E. Shaw Research | New York City
View on infosec-jobs.com

Technology Security Analyst

@ Halton Region | Oakville, Ontario, Canada
View on infosec-jobs.com

Senior Cyber Security Analyst

@ Valley Water | San Jose, CA
View on infosec-jobs.com

COMM Penetration Tester (PenTest-2), Chantilly, VA OS&CI Job #368

@ Allen Integrated Solutions | Chantilly, Virginia, United States
View on infosec-jobs.com

Consultant Sécurité SI H/F Gouvernance - Risques - Conformité

@ Hifield | Sèvres, France
View on infosec-jobs.com

Infrastructure Consultant

@ Telefonica Tech | Belfast, United Kingdom
View on infosec-jobs.com