all InfoSec news
Smuggling Malware in Test Code
Feb. 20, 2024, 11:11 p.m. | Phylum Research Team
Phylum blog.phylum.io
Phylum continues to discover malware polluting open-source ecosystems. In this blog post, we take a deep-dive into an npm package trying to masquerade as code profiler which actually installs several malicious scripts including a cryptocurrency and credential stealer. Curiously, the attacker attempted to hide the malicious code in a test
attacker blog blog post code credential credential stealer cryptocurrency discover dive ecosystems hide malicious malware npm npm package package phylum research scripts smuggling stealer test
More from blog.phylum.io / Phylum
Nation-State Threat Actors Renew Publications to npm
3 days, 16 hours ago |
blog.phylum.io
Q1 2024 Evolution of Software Supply Chain Security Report
1 week, 5 days ago |
blog.phylum.io
Rust crate shipping xz backdoor
2 weeks, 2 days ago |
blog.phylum.io
Jobs in InfoSec / Cybersecurity
SOC 2 Manager, Audit and Certification
@ Deloitte | US and CA Multiple Locations
Cybersecurity Engineer
@ Booz Allen Hamilton | USA, VA, Arlington (1550 Crystal Dr Suite 300) non-client
Invoice Compliance Reviewer
@ AC Disaster Consulting | Fort Myers, Florida, United States - Remote
Technical Program Manager II - Compliance
@ Microsoft | Redmond, Washington, United States
Head of U.S. Threat Intelligence / Senior Manager for Threat Intelligence
@ Moonshot | Washington, District of Columbia, United States
Customer Engineer, Security, Public Sector
@ Google | Virginia, USA; Illinois, USA