Typosquatting campaign delivers r77 rootkit via npm | allinfosecnews.com

Oct. 4, 2023, 11 a.m. | lucija.valentic@reversinglabs.com (Lucija Valentić)

ReversingLabs Blog blog.reversinglabs.com

ReversingLabs researchers have identified a new, malicious supply chain attack affecting the npm platform. The “typosquatting” campaign first appeared in August and pushed a malicious package, node-hide-console-windows, which downloaded a Discord bot that facilitated the planting of an open source rootkit, r77.

This is the first time ReversingLabs researchers have discovered a malicious open source package delivering rootkit functionality, and suggests that open source projects may increasingly be seen as an avenue by which to distribute malware.

attack august bot campaign console discord hide malicious node npm open source package platform researchers reversinglabs rootkit supply supply chain supply chain attack threat research typosquatting windows

More from blog.reversinglabs.com / ReversingLabs Blog

What’s hot at RSAC 2024: 8 SSCS talks you don’t want to miss 11 hours ago | blog.reversinglabs.com

appsec & supply chain security cisos development don +16

How SOC analysts and threat hunters can expose malware undetected by EDR 1 day, 13 hours ago | blog.reversinglabs.com

analysts can corporate don +16

Introducing the Unified RL Spectra Suite 1 day, 13 hours ago | blog.reversinglabs.com

always on appsec & supply chain security change criminals +15

Announcing the General Availability of Spectra Detect v5.0: Enhancing File Analysis for Advanced Threat Detection 1 day, 13 hours ago | blog.reversinglabs.com

advanced advanced threat advanced threat detection analysis +23

Announcing the General Availability of TitaniumScale v5.0: Enhancing File Analysis for Advanced Threat Detection 5 days, 16 hours ago | blog.reversinglabs.com

advanced advanced threat advanced threat detection analysis +23

How NIST CSF 2.0 and C-SCRM help manage software supply chain risk 6 days, 12 hours ago | blog.reversinglabs.com

appsec & supply chain security businesses critical critical infrastructure +29

What’s hot at RSAC 2024: 7 must-see talks for security operations teams 1 week ago | blog.reversinglabs.com

conference filter flood francisco +21

NVD delays highlight vulnerability management woes: Put malware first 1 week, 1 day ago | blog.reversinglabs.com

appsec & supply chain security attention change current +16

CycloneDX upgraded for the evolving software supply chain security era 1 week, 6 days ago | blog.reversinglabs.com

ai development appsec & supply chain security bill bills +25

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote

View on infosec-jobs.com

Senior Software Engineer, Security

@ Niantic | Zürich, Switzerland

View on infosec-jobs.com

Consultant expert en sécurité des systèmes industriels (H/F)

@ Devoteam | Levallois-Perret, France

View on infosec-jobs.com

Cybersecurity Analyst

@ Bally's | Providence, Rhode Island, United States

View on infosec-jobs.com

Digital Trust Cyber Defense Executive

@ KPMG India | Gurgaon, Haryana, India

View on infosec-jobs.com

Program Manager - Cybersecurity Assessment Services

@ TestPros | Remote (and DMV), DC

View on infosec-jobs.com