ReversingLabs researchers revealed Thursday that two malicious packages lived on npm for two months before being detected. “The presence of such suspicious characteristics and behaviors first caused the npm package nodejs-encrypt-agent to come to our attention,” wrote Lucija Valentić, a software threat researcher at ReversingLabs. “First published more than two months ago, nodejs-encrypt-agent appears at first glance to be a legitimate package.”

At first, they dismissed the findings, thinking npm administrators would have recognized if the package was malicious.

“Still, the malicious packages were almost certainly responsible for the malicious TurkoRat being run on an unknown number of developer machines.”
