More than 200 cryptomining packages flood npm and PyPI registry | allinfosecnews.com

Aug. 19, 2022, 1:22 p.m. | Ax Sharma

Security Boulevard securityboulevard.com

Sonatype has spotted 186 malicious packages flooding the npm registry today. These packages infect Linux hosts with cryptominers by downloading a malicious Bash script from the threat actor's server via the Bitly URL shortener service. Our discovery follows another researcher's discovery of 55 PyPI packages from this week, that also pull crypto miners in an identical fashion from the same offending URL.

The post More than 200 cryptomining packages flood npm and PyPI registry appeared first on Security Boulevard.

cryptomining devzone featured flood malware prevention nexus firewall npm pypi registry vulnerabilities

More from securityboulevard.com / Security Boulevard

Palo Alto Networks Extends SASE Reach to Unmanaged Devices 2 hours ago | securityboulevard.com

alto devices devops devsecops +20

USENIX Security ’23 – Cryptographic Deniability: A Multi-perspective Study of User Perceptions and Expectations 2 hours ago | securityboulevard.com

access authors channel conference +17

The impact of automating open source dependency management 2 hours ago | securityboulevard.com

automation business consuming customer +14

Navigating Container Security with AttackIQ’s Optimization Solutions 3 hours ago | securityboulevard.com

attackiq businesses challenge cloud security +19

CEO Discusses MDR Service With a Risk-Based Approach 3 hours ago | securityboulevard.com

aids apps artificial artificial intelligence +29

GitLab ‘Perfect 10’ Bug Gets a CISA Warning: PATCH NOW 4 hours ago | securityboulevard.com

agency analytics & intelligence api security bug +70

Our New “Days of Rage” Protest Activity and Considerations for Corporate Security 4 hours ago | securityboulevard.com

article attack college corporate +23

Understanding the Link Between API Exposure and Vulnerability Risks 6 hours ago | securityboulevard.com

api apis application security architectures +19

USENIX Security ’23 – Defining “Broken”: User Experiences and Remediation Tactics When Ad-Blocking or Tracking-Protection … 6 hours ago | securityboulevard.com

access arthur authors blocking +22

Financial Crimes Compliance - Senior - Consulting - Location Open

@ EY | New York City, US, 10001-8604

View on infosec-jobs.com

Software Engineer - Cloud Security

@ Neo4j | Malmö

View on infosec-jobs.com

Security Consultant

@ LRQA | Singapore, Singapore, SG, 119963

View on infosec-jobs.com

Identity Governance Consultant

@ Allianz | Sydney, NSW, AU, 2000

View on infosec-jobs.com

Educator, Cybersecurity

@ Brain Station | Toronto

View on infosec-jobs.com

Principal Security Engineer

@ Hippocratic AI | Palo Alto

View on infosec-jobs.com