CYBER SECURITY

‘Package confusion’ attack against NPM used to trick developers into downloading malware

Photo of testv testv Send an email 2 hours ago
0 0 1 minute read


In other words, there is no single address, IP, or server to block. That said, there are downsides to the technique that are not mentioned by Checkmarx, including the fact that blockchain communication is slow, as well as public. The blockchains can’t be edited, or blocked easily, but they can be tracked once their use as part of malware C2 has been uncovered. 

Despite past predictions that the technique would take off, this is probably why using blockchains for C2 remains the experimental preserve of specialist malware.

Package confusion

Perhaps the more significant part of the story is that the technique is being used to target testing tools distributed via NPM, the largest open source JavaScript registry. Targeting testing tools is another way to get inside the privileged developer testing environments, and any deeper access to the CI/CD pipelines that they reveal.

Photo of testv testv Send an email 2 hours ago
0 0 1 minute read
Photo of testv

testv

Related Articles

5 Most Common Malware Techniques in 2024

8 hours ago

Pasta spies and private eyes, and are you applying for a ghost job? • Graham Cluley

14 hours ago

Wie Hacker ML für Angriffe nutzen

19 hours ago

Winos 4.0 Malware Infects Gamers Through Malicious Game Optimization Apps

1 day ago

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button