npm Archives - Security Affairs

Pierluigi Paganini July 15, 2025

North Korea-linked actors spread XORIndex malware via 67 malicious npm packages

North Korea-linked hackers uploaded 67 malicious npm packages with XORIndex malware, hitting 17K+ downloads in ongoing supply chain attacks. North Korea-linked threat actors behind the Contagious Interview campaign have uploaded 67 malicious npm packages with XORIndex malware loader, hitting over 17,000 downloads in ongoing supply chain attacks. XORIndex was built to evade detection and deploy […]

Pierluigi Paganini April 23, 2025

The popular xrpl.js Ripple cryptocurrency library was compromised in a supply chain attack

The xrpl.js Ripple cryptocurrency library was compromised in a supply chain attack aimed at stealing users’ private keys. Threat actors compromised the Ripple cryptocurrency npm JavaScript library xrpl.js to harvest users’ private keys. xrpl.js is the recommended library for integrating a JavaScript/TypeScript app with the XRP, it has more than 140.000 weekly downloads. Hundreds of thousands of […]

Pierluigi Paganini January 04, 2025

Malicious npm packages target Ethereum developers

Malicious npm packages target Ethereum developers, impersonating Hardhat plugins to steal private keys and sensitive data. Hardhat, by the Nomic Foundation, is an essential Ethereum tool, enabling streamlined smart contract and dApp development with customizable plugins. Socket researchers reported a supply chain attack targeting the Nomic Foundation and Hardhat platforms, attackers use malicious npm packages to […]

Pierluigi Paganini December 18, 2023

A supply chain attack on crypto hardware wallet Ledger led to the theft of $600K

A supply chain attack against Crypto hardware wallet maker Ledger resulted in the theft of $600,000 in virtual assets. Threat actors pushed a malicious version of the “@ledgerhq/connect-kit” npm module developed by crypto hardware wallet maker Ledger, leading to the theft of more than $600,000 in virtual assets. Once the attack was discovered, the Crypto hardware wallet maker […]

Pierluigi Paganini August 04, 2023

Malicious packages in the NPM designed for highly-targeted attacks

Researchers discovered a new set of malicious packages on the npm package manager that can exfiltrate sensitive developer data. On July 31, 2023, Phylum researchers observed the publication of ten different “test” packages on the npm package manager that were developed to exfiltrate sensitive developer source code and other confidential information. All of these packages […]

Pierluigi Paganini May 19, 2023

NPM packages found containing the TurkoRat infostealer

Experts discovered two malicious packages in the npm package repository, both were laced with an open-source info-stealer called TurkoRat. ReversingLabs discovered two malicious packages, respectively named nodejs-encrypt-agent and nodejs-cookie-proxy-agent, in the npm package repository containing an open-source info-stealer called TurkoRat. TurkoRat is an information-stealing malware that can obtain a broad range of data from the infected machine, […]

Pierluigi Paganini July 07, 2022

Large-scale cryptomining campaign is targeting the NPM JavaScript package repository

Researchers uncovered a large-scale cryptocurrency mining campaign targeting the NPM JavaScript package repository. Checkmarx researchers spotted a new large-scale cryptocurrency mining campaign, tracked as CuteBoi, that is targeting the NPM JavaScript package repository. Threat actors behind the campaign published 1,283 malicious modules in the repository and used over 1,000 different user accounts. The researchers uncovered […]

Pierluigi Paganini July 06, 2022

Malicious NPM packages used to grab data from apps, websites

Researchers from ReversingLabs discovered tens of malicious NPM packages stealing data from apps and web forms. Researchers from ReversingLabs discovered a couple of dozen NPM packages that included malicious code designed to steal data from apps and web forms on websites that included the modules. The malicious NPM modules were delivered as part of a […]

Pierluigi Paganini December 09, 2021

Tens of malicious NPM packages caught hijacking Discord servers

Researches from cybersecurity firm JFrog found 17 malicious packages on the NPM package repository hijacking Discord servers. JFrog researchers have discovered 17 malicious packages in the NPM (Node.js package manager) repository that were developed to hijack Discord servers. The libraries allow stealing Discord access tokens and environment variables from systems running giving the attackers full access to […]

Pierluigi Paganini November 16, 2021

GitHub addressed two major vulnerabilities in the NPM package manager

Maintainers of the npm package manager for the JavaScript programming language disclosed multiple flaws that were recently addressed. GitHub disclosed two major vulnerabilities in the npm that have been already addressed. The first vulnerability can be exploited by an attacker to publish new versions of any npm package using an account without proper authorization. The flaw was reported by […]

npm

North Korea-linked actors spread XORIndex malware via 67 malicious npm packages

The popular xrpl.js Ripple cryptocurrency library was compromised in a supply chain attack

Malicious npm packages target Ethereum developers

A supply chain attack on crypto hardware wallet Ledger led to the theft of $600K

Malicious packages in the NPM designed for highly-targeted attacks

NPM packages found containing the TurkoRat infostealer

Large-scale cryptomining campaign is targeting the NPM JavaScript package repository

Malicious NPM packages used to grab data from apps, websites

Tens of malicious NPM packages caught hijacking Discord servers

GitHub addressed two major vulnerabilities in the NPM package manager

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Hackers deploy DripDropper via Apache ActiveMQ flaw, patch systems to evade detection

A Scattered Spider member gets 10 years in prison

FBI: Russia-linked group Static Tundra exploit old Cisco flaw for espionage

US CERT/CC warns of flaws in Workhorse Software accounting software used by hundreds of municipalities in Wisconsin

DOJ takes action against 22-year-old running RapperBot Botnet

QUICK LINKS

npm

newsletter

Subscribe to my email list and stay up-to-date!

recent articles

Subscribe to my email list and stay
up-to-date!