Malicious npm Packages and PyPI Threaten Systems

Date: January 20, 2025
Author: Ravie Lakshmanan

Tags: Supply Chain Attack / Solana

Cybersecurity researchers have identified three sets of malicious packages across the npm and Python Package Index (PyPI) repositories that come with capabilities to steal data and even delete sensitive data from infected systems.

The list of identified packages is below:

  • npm Packages:
    • @async-mutex/mutex, a typosquat of async-mute
    • dexscreener, which masquerades as a library for accessing liquidity pool data from decentralized exchanges (DEXs) and interacting with the DEX Screener platform
    • solana-transaction-toolkit
    • solana-stable-web-huks
    • cschokidar-next, a typosquat of chokidar
    • acho…lank
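As an added example (not code from this article or from the researchers it cites), the following scanner checks a project's package.json and requirements.txt against the package names listed above and, going one step beyond the list, also flags names that sit within a small edit distance of a well-known package or wrap it in extra prefixes and suffixes, the pattern behind the cschokidar-next typosquat. The sample manifests are constructed; "async-mutex" as the package imitated by the @async-mutex scope and "chokidr" as a near-miss name are assumptions made for the example, not names taken from the article.

```python
"""Scan npm and PyPI dependency manifests for the package names this article
lists, plus near-miss (typosquat-style) names of a few well-known packages.
Example code added to the article; not tooling from the cited researchers."""
import json
import re

# Package names the article reports as malicious, keyed by ecosystem.
KNOWN_MALICIOUS = {
    "npm": {"@async-mutex/mutex", "dexscreener", "solana-transaction-toolkit",
            "solana-stable-web-huks", "cschokidar-next"},
    "pypi": {"pycord-self"},
}

# Legitimate packages the typosquats imitate. "chokidar" is named in the
# article; "async-mutex" is an assumption about the package the scope mimics.
LEGIT_TARGETS = {"npm": {"async-mutex", "chokidar"}, "pypi": set()}

MAX_EDIT_DISTANCE = 2  # one or two character slips still count as a near-miss


def edit_distance(a, b):
    """Levenshtein distance using the classic two-row dynamic programme."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def normalize(name, ecosystem):
    """PyPI names compare case-insensitively with '-', '_' and '.' folded to
    '-'; npm names are lowercase already but are lowercased defensively."""
    name = name.strip().lower()
    if ecosystem == "pypi":
        name = re.sub(r"[-_.]+", "-", name)
    return name


def classify(name, ecosystem):
    """Return a finding for one dependency name, or None if nothing stands out."""
    name = normalize(name, ecosystem)
    if name in KNOWN_MALICIOUS[ecosystem]:
        return "known-malicious"
    scope, _, bare = name.rpartition("/")  # "@scope/pkg" -> ("@scope", "pkg")
    scope = scope.lstrip("@")
    for legit in LEGIT_TARGETS[ecosystem]:
        if scope == legit:
            return f"scope impersonates {legit}"
        if 0 < edit_distance(bare, legit) <= MAX_EDIT_DISTANCE:
            return f"near-miss of {legit}"
        if legit in bare and bare != legit:
            return f"embeds {legit} with extra affixes"
    return None


def npm_dependencies(package_json_text):
    """Collect dependency names from the usual package.json sections."""
    manifest = json.loads(package_json_text)
    names = set()
    for section in ("dependencies", "devDependencies", "optionalDependencies"):
        names.update(manifest.get(section, {}))
    return names


def pypi_requirements(requirements_text):
    """Extract bare project names from requirements.txt lines, ignoring
    comments, version specifiers and option lines such as '-r other.txt'."""
    names = set()
    for line in requirements_text.splitlines():
        line = line.split("#", 1)[0].strip()
        match = re.match(r"[A-Za-z0-9][A-Za-z0-9._-]*", line)
        if match:
            names.add(match.group(0))
    return names


def scan_manifests(package_json_text, requirements_text):
    """Return sorted (ecosystem, name, finding) triples for suspicious entries."""
    findings = []
    for name in npm_dependencies(package_json_text):
        finding = classify(name, "npm")
        if finding:
            findings.append(("npm", name, finding))
    for name in pypi_requirements(requirements_text):
        finding = classify(name, "pypi")
        if finding:
            findings.append(("pypi", name, finding))
    return sorted(findings)


# Constructed sample manifests: a mix of benign dependencies, names from the
# article, and the assumed near-miss "chokidr".
SAMPLE_PACKAGE_JSON = json.dumps({
    "dependencies": {"chokidar": "^3.5.3", "express": "^4.18.2",
                     "@async-mutex/mutex": "0.1.0", "cschokidar-next": "1.0.0",
                     "chokidr": "1.0.0"},
    "devDependencies": {"dexscreener": "1.0.0"},
})
SAMPLE_REQUIREMENTS = "requests==2.31.0\nPycord_Self==1.0  # constructed\nflask>=2\n"

if __name__ == "__main__":
    for ecosystem, name, finding in scan_manifests(SAMPLE_PACKAGE_JSON, SAMPLE_REQUIREMENTS):
        print(f"{ecosystem:5} {name:25} {finding}")
```

The exact-name check is the only authoritative part; the near-miss and affix rules are heuristics meant to surface candidates for review, and they will flag legitimate packages whose names legitimately extend a popular one, so treat those findings as prompts to verify the publisher, not as verdicts.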

On the other hand, Pycord-self singles out Python developers looking to integrate Discord APIs into their projects, capturing Discord authentication tokens and connecting to an attacker-controlled server for persistent backdoor access post-installation on both Windows and Linux systems.

The development comes as bad actors are targeting Roblox users with fraudulent libraries engineered to facilitate data theft using open-source stealer malware such as Skuld and Blank-Grabber. Last year, Imperva revealed that Roblox players on the lookout for game cheats and mods have also been targeted by bogus PyPI packages that trick them into downloading the same payloads.
