“Exposed: 36 Fake npm Packages Threatening Developer Data Security”

Nearly 36 Counterfeit Packages Found in npm Package Repository

  • Counterfeit packages designed to steal sensitive data from developer systems have been found in the npm package repository.
  • The alarming discovery is credited to Fortinet FortiGuard Labs.
  • Some of these deceitful packages include @expue/webpack, @expue/core, @expue/vue3-renderer, @fixedwidthtable/fixedwidthtable, and @virtualsearchtable/virtualsearchtable, all of which have obfuscated scripts.

Data Swindling Amidst the Digital Sphere

In an alarming new development, cybersecurity experts at Fortinet FortiGuard Labs unearthed nearly three dozen bogus npm packages intended to extract sensitive data from unsuspecting developers’ systems. For those unacquainted with ‘npm’, it stands for Node Package Manager, the package manager and registry that lets JavaScript developers pull in third-party code faster than you can say, “Hey Google, play K-pop”.

Devious Packages: The Tech Netherworld’s Trojan Horses

Among the discoveries were dastardly packages with names that are about as innocent as a Trojan horse at a firewall party. These included @expue/webpack, @expue/core, @expue/vue3-renderer, @fixedwidthtable/fixedwidthtable, and @virtualsearchtable/virtualsearchtable. All harbor obfuscated code, as difficult to unravel as my attempt at untangling Christmas lights in January.

Final Thoughts

While this is a serious cause for concern and is nothing to chuckle at, let’s take a moment to appreciate the cyber vigilantes at Fortinet FortiGuard Labs. It’s thanks to them that developers around the world can sleep a bit more soundly at night, knowing their data is safer. Nonetheless, this incident reminds all of us in the tech community to remain vigilant, check our packages, and always be skeptical of anything that looks too good to be true. After all, even roses have thorns and every cloud service has a potential data leak.


In a nutshell, Fortinet FortiGuard Labs have discovered 36 counterfeit packages within the npm package repository. These packages, which contain obfuscated scripts, are specifically engineered to extract sensitive information from developers’ systems. Individuals are encouraged to remain alert and assess their tech packages carefully. Remember, even in our tech-filled wonderland, malicious intent can reside where you least expect it. Just like discovering that the “ice cream” you grabbed from the freezer turns out to be frozen fish sticks.

Original Article: https://thehackernews.com/2023/10/over-3-dozen-data-stealing-malicious.html

