
Malware found on npm infecting local package with reverse shell

NetmanageIT OpenCTI - opencti.netmanageit.com




SUMMARY :

Two malicious npm packages, ethers-provider2 and ethers-providerz, were found acting as downloaders that conceal their real payload rather than shipping it in the package itself. When installed, they patch the legitimate, already-installed 'ethers' package by writing a new file of malicious code into it. That patched file in turn delivers a reverse shell that connects back to the threat actor's server. Because the final payload lives in the modified copy of 'ethers' and not in the downloader, it survives removal of the original malicious package: uninstalling ethers-provider2 or ethers-providerz does not clean the infected 'ethers' install. The campaign includes further related packages, and the technique of infecting a trusted local dependency rather than the attacker's own package shows the growing scope of software supply-chain risk for both software producers and end-user organizations.

OPENCTI LABELS :

javascript,persistence,npm,reverse-shell,ethers-provider2,package-infection,ethers-providerz



