all InfoSec news
Typosquatting campaign delivers r77 rootkit via npm
ReversingLabs Blog blog.reversinglabs.com
ReversingLabs researchers have identified a new, malicious supply chain attack affecting the npm platform. The “typosquatting” campaign first appeared in August and pushed a malicious package, node-hide-console-windows, which downloaded a Discord bot that facilitated the planting of an open source rootkit, r77.
This is the first time ReversingLabs researchers have discovered a malicious open source package delivering rootkit functionality, and suggests that open source projects may increasingly be seen as an avenue by which to distribute malware.
attack august bot campaign console discord hide malicious node npm open source package platform researchers reversinglabs rootkit supply supply chain supply chain attack threat research typosquatting windows