all InfoSec news
Typosquatting campaign delivers r77 rootkit via npm
Security Boulevard securityboulevard.com
ReversingLabs researchers have identified a new, malicious supply chain attack affecting the npm platform. The “typosquatting” campaign first appeared in August and pushed a malicious package, node-hide-console-windows, which downloaded a Discord bot that facilitated the planting of an open source rootkit, r77.
This is the first time ReversingLabs researchers have discovered a malicious open source package delivering rootkit functionality, and suggests that open source projects may increasingly be seen as an avenue by which to distribute malware.
The post …
attack august bot campaign console discord hide malicious node npm open source package platform researchers reversinglabs rootkit supply supply chain supply chain attack threat research typosquatting windows