all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Fake 'distube-config' npm package drops Windows info-stealing malware

Add to bookmarks
Jan. 24, 2024, 3:08 p.m. | Ax Sharma

Sonatype Blog blog.sonatype.com




Sonatype has identified two npm packages distube-config and discordyt that typosquat open source packages like Discord modules, in an attempt to infect Windows users with a Trojan. Our security researcher, Juan Aguirre, who analyzed the malware shares some insights.

config discord drops fake infect info info-stealing malware insights malware modules npm npm package open source open source packages package packages researcher security security researcher sonatype stealing trojan vulnerabilities windows

Visit resource

More from blog.sonatype.com / Sonatype Blog

Sonatype Lifecycle best practices: Getting started and managing SBOMs 6 days, 15 hours ago | blog.sonatype.com
applications best practices critical dependencies +13
DevOps pioneers navigate organizational transformation 1 week, 6 days ago | blog.sonatype.com
depth devops devops transformation download +13
Devs flood npm with 15,000 packages to reward themselves with Tea 'tokens' 2 weeks, 1 day ago | blog.sonatype.com
cases dependency dependency confusion flood +19
The essential duo of SCA and SBOM management 2 weeks, 5 days ago | blog.sonatype.com
application application security attacks duo +16
Automating and maintaining SBOMs 3 weeks, 5 days ago | blog.sonatype.com
artifact automation bill components +11
CVE-2024-3094 The targeted backdoor supply chain attack against XZ and libzma 1 month ago | blog.sonatype.com
attack attacks backdoor bank +26
CVE-2024-3094 The targeted backdoor supply chain attack against XZ and liblzma 1 month ago | blog.sonatype.com
attack attacks backdoor bank +26
SBOM, VDR, and Maven: Transforming the Apache Logging experience to a common pattern 1 month ago | blog.sonatype.com
apache cyclonedx devzone experience +14
Cyber readiness and SBOMs 1 month ago | blog.sonatype.com
academic academic research advanced bills +22

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote
View on infosec-jobs.com

Senior Software Engineer, Security

@ Niantic | Zürich, Switzerland
View on infosec-jobs.com

Consultant expert en sécurité des systèmes industriels (H/F)

@ Devoteam | Levallois-Perret, France
View on infosec-jobs.com

Cybersecurity Analyst

@ Bally's | Providence, Rhode Island, United States
View on infosec-jobs.com

Digital Trust Cyber Defense Executive

@ KPMG India | Gurgaon, Haryana, India
View on infosec-jobs.com

Program Manager - Cybersecurity Assessment Services

@ TestPros | Remote (and DMV), DC
View on infosec-jobs.com
View more jobs