Malicious NPM Package Targets NodeJS Developers Using Linux And macOS

The malicious package is called "web-browserify", and it imitates the popular npm component Browserify. The package contains of a manifest file, package.json, postinstall.js script, and ELF executable named "run" present in a compressed archive. After the malicious package is installed the scripts extract and launch the "run" Linux binary from the archive, which requests elevated or root permissions from the user. The extracted "run" contains a large number of legitimate npm components used for malicious activities. Read more...