RATs found hiding in the npm attic | allinfosecnews.com

May 18, 2023, 1 p.m. | lucija.valentic@reversinglabs.com (Lucija Valentić)

ReversingLabs Blog blog.reversinglabs.com

While regularly combing through packages available on public repositories such as npm and PyPI, ReversingLabs researchers encounter packages with different combinations of behaviors and characteristics. These behaviors and characteristics might not be easily discernible simply by observing the package’s contents. However, they can be observed once the package is analyzed with the ReversingLabs Software Supply Chain Security platform.

discernible npm package packages public pypi rats repositories researchers reversinglabs software supply chain security threat research

More from blog.reversinglabs.com / ReversingLabs Blog

CycloneDX upgraded for the evolving software supply chain security era 11 hours ago | blog.reversinglabs.com

ai development appsec & supply chain security bill bills +25

Where GenAI intersects with threat modeling: 3 key benefits for AppSec 1 day, 13 hours ago | blog.reversinglabs.com

application application security appsec appsec & supply chain security +18

OWASP's LLM AI Security & Governance Checklist: 13 action items for your team 2 days, 13 hours ago | blog.reversinglabs.com

action ai security appsec & supply chain security artificial +15

XZ Trojan highlights software supply chain risk posed by 'sock puppets' 1 week ago | blog.reversinglabs.com

appsec & supply chain security attacks compression compromise +28

The state of secrets security: 7 steps to better managing risk 1 week, 1 day ago | blog.reversinglabs.com

appsec & supply chain security complexity development epidemic +16

When GenAI and low-code collide: What could go wrong for AppSec? 1 week, 2 days ago | blog.reversinglabs.com

application application security appsec appsec & supply chain security +22

Malicious helpers: VS Code Extensions observed stealing sensitive information 2 weeks, 1 day ago | blog.reversinglabs.com

administrators attacks code daily +20

SBOMs are now essential: Make them actionable to better manage risk 2 weeks, 2 days ago | blog.reversinglabs.com

actionable appsec & supply chain security attack attacks +15

A software supply chain meltdown: What we know about the XZ Trojan 2 weeks, 3 days ago | blog.reversinglabs.com

alarms appsec & supply chain security attack backdoor +18

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations

View on infosec-jobs.com

Information Security Engineers

@ D. E. Shaw Research | New York City

View on infosec-jobs.com

Cybersecurity Consultant- Governance, Risk, and Compliance team

@ EY | Tel Aviv, IL, 6706703

View on infosec-jobs.com

Professional Services Consultant

@ Zscaler | Escazú, Costa Rica

View on infosec-jobs.com

IT Security Analyst

@ Briggs & Stratton | Wauwatosa, WI, US, 53222

View on infosec-jobs.com

Cloud DevSecOps Engineer - Team Lead

@ Motorola Solutions | Krakow, Poland

View on infosec-jobs.com