Beware: Sneaky npm Packages Hide Backdoors in Corporate Logos!
Cybersecurity researchers have found two npm packages, img-aws-s3-object-multipart-copy and legacyaws-s3-object-multipart-copy, hiding backdoor code. These packages, designed to look like a legitimate library, executed malicious commands through altered JavaScript files hidden in images. The npm security team has since removed them.
Hot Take:
When life gives you lemons, make lemonade. When life gives you npm packages with backdoor code… well, maybe it’s time to switch to lemonade. These sneaky packages might just make you nostalgic for the simpler days of good ol’ fashioned malware.
Key Points:
- Two malicious npm packages – img-aws-s3-object-multipart-copy and legacyaws-s3-object-multipart-copy – were caught with their hands in the backdoor cookie jar.
- Downloads: 190 for img-aws-s3-object-multipart-copy and 48 for legacyaws-s3-object-multipart-copy.
- The packages masqueraded as a legitimate library but were packing some serious heat in the “index.js” file.
- Command-and-control functionality was hidden in logos of tech giants like Intel, Microsoft, and AMD.
- The npm security team has taken down the offending packages – cue the applause.
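To check whether either package named above ever reached a project, including as a transitive or aliased dependency, the lockfile can be audited. This is an added example, not code from the researchers or from npm; it assumes the lockfile has already been parsed (for instance with `JSON.parse`), and the sample lockfile, its `left-helper` and `s3-copy` entries and all versions are constructed.

```javascript
// Package names reported on this page as malicious.
const FLAGGED = new Set([
  "img-aws-s3-object-multipart-copy",
  "legacyaws-s3-object-multipart-copy",
]);
const NM = "node_modules/";
// Return every install path in a parsed package-lock.json that resolves
// to a flagged package, including transitive and aliased installs.
function findFlagged(lock) {
  const hits = [];
  const add = (name, path, version) => {
    if (FLAGGED.has(name) && !hits.some((h) => h.path === path)) {
      hits.push({ name, path, version });
    }
  };
  // lockfileVersion 2/3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === "") continue; // root project entry
    const i = path.lastIndexOf(NM);
    // An explicit "name" field means the folder name is an alias.
    add(meta.name || (i >= 0 ? path.slice(i + NM.length) : path), path, meta.version);
  }
  // lockfileVersion 1/2: nested "dependencies" tree.
  const walk = (deps, prefix) => {
    for (const [folder, meta] of Object.entries(deps || {})) {
      const path = prefix + NM + folder;
      // Aliases appear here as version "npm:<real-name>@<version>".
      const alias = /^npm:(.+)@/.exec(meta.version || "");
      add(alias ? alias[1] : folder, path, meta.version);
      walk(meta.dependencies, path + "/");
    }
  };
  walk(lock.dependencies, "");
  return hits;
}

// Constructed sample lockfile (v3 layout); "left-helper" and "s3-copy"
// are made-up names and the versions are placeholders.
const SAMPLE_LOCK = {
  packages: {
    "": { name: "demo-app" },
    "node_modules/left-helper": { version: "1.0.0" },
    "node_modules/left-helper/node_modules/img-aws-s3-object-multipart-copy":
      { version: "0.0.0-placeholder" },
    "node_modules/s3-copy":
      { name: "legacyaws-s3-object-multipart-copy", version: "0.0.0-placeholder" },
  },
};
console.log(findFlagged(SAMPLE_LOCK));
```

Because the packages have been removed from the registry, a hit in an old lockfile or build cache is the signal that a past install pulled one of them in.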