Researchers Detect Malicious NPM Packages Targeting Developers with Backdoors and Data Theft

In a recent cybersecurity investigation, researchers have uncovered a series of malicious NPM packages designed to infiltrate developer environments and steal sensitive data. These packages, disguised as legitimate tools, contain backdoors that allow attackers to execute arbitrary code and exfiltrate information from compromised systems. The threat highlights the increasing risks associated with supply chain attacks in the software development ecosystem, particularly within popular package managers like NPM. Developers are urged to exercise caution when integrating third-party packages and to implement rigorous security checks to mitigate potential threats. This article delves into the methods used by attackers, the implications for software security, and best practices for safeguarding development workflows against such sophisticated attacks. It also discusses the importance of community vigilance and the role of automated tools in detecting and preventing malicious code from entering widely used repositories. By understanding these emerging threats, organizations can better protect their software supply chains and maintain the integrity of their development processes.

This Cyber News was published on thehackernews.com. Publication date: Tue, 11 Nov 2025 23:14:03 +0000


Cyber News related to Researchers Detect Malicious NPM Packages Targeting Developers with Backdoors and Data Theft

How to perform a proof of concept for automated discovery using Amazon Macie | AWS Security Blog - After reviewing the managed data identifiers provided by Macie and creating the custom data identifiers needed for your POC, it’s time to stage data sets that will help demonstrate the capabilities of these identifiers and better understand how ...
1 year ago Aws.amazon.com
'everything' blocks devs from removing their own npm packages - Since these 3,000+ packages manage to include every single npm package on the npmjs.com registry as their dependency, npm package authors who have ever published to the npm registry would now be unable to remove their packages at will, because of ...
2 years ago Bleepingcomputer.com
Malicious npm Packages Attacking Linux Developers to Install SSH Backdoors - Discovered in early 2025, several malicious npm packages have been masquerading as legitimate Telegram bot libraries to deliver SSH backdoors and exfiltrate sensitive data from unsuspecting developers. The malicious variants—node-telegram-utils, ...
8 months ago Cybersecuritynews.com
5000+ Malicious Packages Found In The Wild To Compromise Windows Systems - These packages, detected from November 2024 onward, employ sophisticated techniques to evade traditional security measures while executing harmful actions that can lead to data theft, unauthorized access, and complete system compromise. Similarly, ...
10 months ago Cybersecuritynews.com
Malicious PyPI packages targeting highly specific MacOS machines - As part of our software package supply chain security efforts, we continuously scan for malware in newly released PyPI and NPM packages. In this post, we describe a particularly interesting cluster of malicious packages that we've identified. In late ...
1 year ago Securitylabs.datadoghq.com
Lazarus Hackers Weaponized 6 npm Packages To Steal Logins - The hackers successfully compromised six popular npm packages, injecting malicious code designed to harvest login credentials from thousands of developers and organizations worldwide. A sophisticated supply chain attack orchestrated by the notorious ...
10 months ago Cybersecuritynews.com Lazarus Group
Malicious NPM packages fetch info-stealer for Windows, Linux, macOS - A recent cybersecurity investigation has uncovered malicious NPM packages that distribute an info-stealer malware targeting Windows, Linux, and macOS platforms. These packages, hosted on the popular Node Package Manager (NPM) repository, have been ...
2 months ago Bleepingcomputer.com
31 Alarming Identity Theft Statistics for 2024 - Identity theft is a prevalent issue that affects millions of people annually. Although the numbers are startling, we've selected the 31 most concerning identity theft statistics to help you understand how to secure your identity. In 2022, the FTC ...
2 years ago Pandasecurity.com
Malicious NPM Packages Exploit Ethereum Wallets to Steal Crypto Funds - In a recent cybersecurity alert, researchers have uncovered a series of malicious NPM packages designed to exploit vulnerabilities in Ethereum wallets, leading to significant crypto fund thefts. These packages, masquerading as legitimate ...
4 months ago Thehackernews.com
npm 'accidentally' removes Stylus package, breaks builds and pipelines - Panya (the former maintainer of Stylus) used their own account to release a package containing malicious code (for security research purposes? I am unsure), but did not release a new version of Stylus containing malicious code. BleepingComputer ...
5 months ago Bleepingcomputer.com
Hackers breach Toptal GitHub account, publish malicious npm packages - In the days that followed, the attackers modified the source code of Picasso on GitHub to include malware and published 10 malicious packages on NPM as Toptal, making them appear as legitimate updates. According to code security ...
5 months ago Bleepingcomputer.com
Building For a More Secure Future: How Developers Can Prioritize Cybersecurity - At the time, he was breaking new ground, repeating those words to help convince his teams on how crucial developers were going to be to the success of their platform. While the focus may have been initially on enterprise B2B platforms with Microsoft, ...
1 year ago Cyberdefensemagazine.com
175 Malicious NPM Packages With 26,000 Downloads Found in the Wild - A recent cybersecurity investigation uncovered 175 malicious NPM packages that have been downloaded over 26,000 times, posing significant risks to developers and organizations relying on these packages. These malicious packages were designed to steal ...
3 months ago Cybersecuritynews.com
PhantomRaven Attack Involves 126 Malicious NPM Packages - The PhantomRaven cyberattack has been uncovered involving a staggering 126 malicious NPM packages, posing a significant threat to the software development community. These packages were designed to infiltrate systems by exploiting the widely used ...
2 months ago Cybersecuritynews.com PhantomRaven
Malicious NPM Packages Impersonate Popular Libraries to Steal Credentials, Cryptocurrency - In a recent cybersecurity alert, researchers have uncovered a wave of malicious NPM packages designed to impersonate popular JavaScript libraries. These packages are crafted to deceive developers by mimicking legitimate libraries, but their true ...
4 months ago Thehackernews.com
New npm attack poisons local packages with backdoors - Two malicious packages were discovered on npm (Node package manager) that covertly patch legitimate, locally installed packages to inject a persistent reverse shell backdoor. In general, when downloading packages from package indexes like PyPI and ...
9 months ago Bleepingcomputer.com
North Korean hackers target open-source repositories in new espionage campaign | The Record from Recorded Future News - North Korean state-backed hackers have planted malicious code in open-source software repositories as part of an ongoing campaign that has already put tens of thousands of developers at risk of surveillance and data theft, according to new research. ...
5 months ago Therecord.media
Malicious NPM Packages Targeting PayPal Users to Steal Sensitive Data - FortiGuard Labs, Fortinet’s AI-driven threat intelligence arm, has uncovered a series of malicious NPM packages designed to steal sensitive information from developers and target PayPal users. Detected between March 5 and March 14, 2025, these ...
9 months ago Cybersecuritynews.com
3 PYPI Packages Caught Spreading Malware - Recent reports have highlighted the malicious spreading of malware via 3 specific Python Package Index (PyPI) packages. These 3 packages were identified and reported by Sonatype, a software supply chain security firm. ...
2 years ago Securityaffairs.com
Malicious NX Packages Found in S1ngularity Repository Targeting Developers - In August 2025, cybersecurity researchers uncovered a series of malicious NX packages hosted in the S1ngularity repository, posing a significant threat to developers and organizations relying on these packages. These malicious packages were designed ...
4 months ago Thehackernews.com
NPM Packages Hijacked to Spread Malware: What You Need to Know - The recent hijacking of popular NPM packages has raised significant concerns in the cybersecurity community. Attackers have exploited vulnerabilities in widely used JavaScript libraries to distribute malware, putting countless developers and ...
4 months ago Cybersecuritynews.com
Malicious npm and PyPI Pose as Developer Tools to Steal Login Credentials - The researchers noted that the packages employ various exfiltration methods to transmit stolen credentials to threat actors, with react-native-scrollpageviewtest using Google Analytics as its exfiltration channel, while the PyPI packages leverage ...
8 months ago Cybersecuritynews.com
North Korean Lazarus hackers infect hundreds via npm packages - The packages contain malicious code designed to steal sensitive information, such as cryptocurrency wallets and browser data that contains stored passwords, cookies, and browsing history. The packages, which have been downloaded 330 times, are ...
10 months ago Bleepingcomputer.com
Lazarus Adds New Malicious npm Packages with Hexadecimal Encoding - These packages, part of the broader Contagious Interview operation, are designed to evade automated detection systems and manual code audits, marking a significant evolution in the group’s approach to cyber espionage and financial theft. The ...
9 months ago Cybersecuritynews.com Lazarus Group