all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Crypto-Themed npm Packages Found Delivering Stealthy Malware

Add to bookmarks
Nov. 4, 2023, 2 p.m. | Phylum Research Team

Phylum blog.phylum.io

On October 30, 2023 Phylum’s automated risk detection platform alerted us to a strange publication to npm called puma-com. Upon investigation, we found a very convoluted attack chain that ultimately pulled a remote file, manipulated it in place, called an exported function from that file, and then meticulously

attack attack chain automated called crypto detection file found function investigation malware npm october packages phylum platform pulled puma research risk ultimately

Visit resource

More from blog.phylum.io / Phylum

Devious Python Build Requirements 2 days, 18 hours ago | blog.phylum.io
arbitrary code attackers build code +5
Python Package Installation Attacks 1 week ago | blog.phylum.io
attackers attacks back code +14
Python Trojan Functions and Imports 1 week ago | blog.phylum.io
calling code concept functions +10
Python Package Spoofing 1 week ago | blog.phylum.io
authors code developers foundation +18
Series: How Malicious Python Code Gains Execution 1 week ago | blog.phylum.io
attackers code dependencies developer +21
Nation-State Threat Actors Renew Publications to npm 1 week, 1 day ago | blog.phylum.io
apts attack back blog +18
Enterprise Strategy Group Report: The Growing Complexity of Securing the Software Supply Chain 2 weeks, 1 day ago | blog.phylum.io
america called complexity developer +21
Q1 2024 Evolution of Software Supply Chain Security Report 2 weeks, 2 days ago | blog.phylum.io
cve cves exploited in the wild +17
Rust crate shipping xz backdoor 3 weeks ago | blog.phylum.io
attack backdoor compression engineer +11

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote
View on infosec-jobs.com

Associate Manager, BPT Infrastructure & Ops (Security Engineer)

@ SC Johnson | PHL - Makati
View on infosec-jobs.com

Cybersecurity Analyst - Project Bound

@ NextEra Energy | Jupiter, FL, US, 33478
View on infosec-jobs.com

Lead Cyber Security Operations Center (SOC) Analyst

@ State Street | Quincy, Massachusetts
View on infosec-jobs.com

Junior Information Security Coordinator (Internship)

@ Garrison Technology | London, Waterloo, England, United Kingdom
View on infosec-jobs.com

Sr. Security Engineer

@ ScienceLogic | Reston, VA
View on infosec-jobs.com
View more jobs