NPM removed NodeJS malware opening Windows, Linux reverse shells

NPM has removed multiple packages hosted on its repository due to an established connection to remote service and exfiltrated user data.

The deleted packages are plutov-slack-client, nodetest199, nodetest1010 and npmubman.

After the installation of the packages, the code established a connection to attacker's server, allowing to obtain the remote access to compromised device.


Read More

Got Something To Say?

Your email address will not be published. Required fields are marked *