New npm attack poisons local packages with backdoors

Published on: 2025-05-30 02:00:00

Two malicious packages were discovered on npm (Node package manager) that covertly patch legitimate, locally installed packages to inject a persistent reverse shell backdoor. This way, even if the victim removes the malicious packages, the backdoor remains on their system.

The new tactic was discovered by researchers at Reversing Labs, who warned about the risk it entails, even if the packages weren't downloaded in large numbers.

"It's not unusual to encounter downloaders on npm; they are maybe not as common as infostealers, but they are far from uncommon," explains Reversing Labs. "However, this downloader is worth discussing because of the exceptional strategies employed by the attackers to hide the malicious payload it delivered."

Injecting a reverse shell

The two packages discovered by Reversing Labs during routine security investigations on the open-source supply chain are 'ethers-provider2' and 'ethers-providerz.' The first package, which is still available on npm at the t ...