BTC $63442.8276
ETH $3469.7477
BNB $414.4838
SOL $128.8578
XRP $0.6333
ADA $0.7553
DOGE $0.1556
AVAX $42.2817
DOT $9.6926
wstETH $4022.3454
TRX $0.1396
LINK $20.2249
WETH $3455.5461
MATIC $1.0912
UNI $12.3248
WBTC $63402.0644
BCH $454.1971
LTC $89.7149
IMX $3.2697
ICP $13.1197
FIL $10.0810
CAKE $3.2889
ETC $33.3804
LEO $4.7626
ATOM $12.4298
RNDR $7.5236
TON $2.6714
KAS $0.1683
HBAR $0.1120
INJ $39.9268
DAI $0.9998
OKB $57.5556
VET $0.0485
STX $3.0863
FDUSD $0.9998
WEMIX $2.8006
XLM $0.1364
NEAR $4.5218
PEPE $0.0000
XMR $146.1340
LDO $3.3155
GRT $0.3143
ARB $1.9894
THETA $2.3291
TIA $15.9776
ENS $21.4774
CRO $0.1387
BTC $63442.8276
ETH $3469.7477
BNB $414.4838
SOL $128.8578
XRP $0.6333
ADA $0.7553
DOGE $0.1556
AVAX $42.2817
DOT $9.6926
wstETH $4022.3454
TRX $0.1396
LINK $20.2249
WETH $3455.5461
MATIC $1.0912
UNI $12.3248
WBTC $63402.0644
BCH $454.1971
LTC $89.7149
IMX $3.2697
ICP $13.1197
FIL $10.0810
CAKE $3.2889
ETC $33.3804
LEO $4.7626
ATOM $12.4298
RNDR $7.5236
TON $2.6714
KAS $0.1683
HBAR $0.1120
INJ $39.9268
DAI $0.9998
OKB $57.5556
VET $0.0485
STX $3.0863
FDUSD $0.9998
WEMIX $2.8006
XLM $0.1364
NEAR $4.5218
PEPE $0.0000
XMR $146.1340
LDO $3.3155
GRT $0.3143
ARB $1.9894
THETA $2.3291
TIA $15.9776
ENS $21.4774
CRO $0.1387
  • Catalog
  • Blog
  • Tor Relay
  • Jabber
  • One-Time notes
  • Temp Email
  • What is TOR?
  • We are in tor
  • 16 packages with cryptominers found in the NPM repository

    a All 16 packages were uploaded to NPM by a user named "trendava". According to the NPM report, all malicious packages were removed from the repository the very next day after download.

    The names of malicious packages that install cryptocurrency miners are listed below:

    lagra, speedtesta, speedtestbom, speedtestfast, speedtestgo, speedtestgod, speedtestis, speedtestkas, speedtesto, speedtestrun, speedtestsolo, speedtestspa, speedtestwow, speedtestzo, trova, trovam.

    Most of the packages have a name reminiscent of internet speed testers, however they are all cryptocurrency miners. CheckPoint analysts also found that each package uses different code and methods to accomplish its tasks.

    “It is fair to assume that these differences represent a kind of test that the attacker performed without knowing in advance which version will be detected by the malware search tools. In some cases, malicious packages directly interact with crypto pools, and in some cases they use third-party executable files for this purpose,” CheckPoint representatives comment on the situation.

    A package called “speedtestspa”, for example, downloads a helper from GitLab and uses it to connect to a cryptocurrency mining pool, while a package called “speedtestkas” immediately has a malicious helper file in its composition. The "speedtestbom" package goes one step further by trying to hide the address of the cryptocurrency mining pool, so it connects to an external IP address to retrieve the pool. And the "speedtesto" package contains code from a real speed testing utility, so it can really be used to perform this task, discarding unnecessary suspicions from the developer.

    Another popular developer repository, PyPI, also found several malicious packages. True, there, the packages contained not a cryptominer, but an infostealer.

    A trend is striking: hackers are increasingly targeting software developers in their attacks. This is probably due to the fact that it is developers who most often blindly rely on the absence of any threats when using ready-made packages from popular repositories.

    Potential risks can be minimized by trusting only authoritative authors and carefully reviewing the code of any packages before adding them to your project.

    Author DeepWeb
    VMware fixes critical vulnerability in its Carbon Black App Control product
    Hackers forge certificates to hack networks

    Comments 0

    Add comment