Why did the programmer go broke? Because he used up all his cache! Unlike that penniless coder, a sneaky new function hiding within the npm package registry isn’t making anyone laugh. Rather, it’s causing quite an alarm in the developer community. The deceptive package is deploying an open-source rootkit named r77 for the first time ever. No more ‘first-time charm’ here, huh?
Do you know what the sinister quality of the package is? Posing as a twin! Indeed, the malicious package tagged as “node-hide-console-windows” is just a corrupt version of the legitimate npm package “node-hide-console-window”. It’s like Dr. Jekyll turning into Mr. Hyde. This case is no red herring; it’s a textbook instance of what’s called a ‘typosquatting’ campaign. Don’t be deceived by slight typos! They can tear you asunder!
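As an added example (not code from the article or from npm), here is a small Python check in the defender's spirit of the point above: it flags requested dependency names that are within one edit of a package on a locally maintained allowlist, which is exactly the kind of near-miss this campaign relied on. The allowlist and the dependency dict are constructed sample data; the function names are hypothetical.

```python
"""Flag npm dependency names that are a near-miss of a known package name.

Added example, not from the article: the allowlist and the package.json-style
dependency dict below are constructed sample data.
"""
from typing import Dict, Iterable, List, Tuple


def levenshtein(a: str, b: str) -> int:
    """Edit distance allowing single-character insert, delete and substitute."""
    if len(a) < len(b):
        a, b = b, a
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def suspicious_dependencies(
    deps: Dict[str, str], known: Iterable[str], max_distance: int = 1
) -> List[Tuple[str, str, int]]:
    """Return (requested, lookalike, distance) for every dependency name that is
    NOT on the allowlist but sits within max_distance edits of an allowlisted name.
    Exact allowlist matches are skipped; results are sorted for stable output."""
    known_set = set(known)
    findings: List[Tuple[str, str, int]] = []
    for name in deps:
        if name in known_set:
            continue
        for candidate in known_set:
            distance = levenshtein(name, candidate)
            if 0 < distance <= max_distance:
                findings.append((name, candidate, distance))
    return sorted(findings)


# Constructed sample: a project that accidentally requested the typosquat.
KNOWN_PACKAGES = ["node-hide-console-window", "express", "lodash"]
SAMPLE_DEPS = {"node-hide-console-windows": "^1.0.0", "express": "^4.18.2"}

if __name__ == "__main__":
    for requested, lookalike, dist in suspicious_dependencies(SAMPLE_DEPS, KNOWN_PACKAGES):
        print(f"{requested!r} is {dist} edit(s) from known package {lookalike!r}")
```

Run it against a real project's dependency names and a curated allowlist of the packages your organization actually uses; a hit is a prompt to verify the spelling before installing, not proof of malice.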
Ever heard of a rogue package offering nefarious services? This is the first recorded instance where a rogue package has been used to deliver rootkit functionality. The package wasn’t just sitting around either. Before being caught and kicked out, it managed to convince 704 folks to download it. Talk about tact! Almost sounds like a successful startup pitch gone terribly wrong, right?
In summary, a deceptive npm package made history by being the first of its kind to deploy a rootkit, called r77. The package, named node-hide-console-windows, imitates the legitimate npm package node-hide-console-window and was a part of a typosquatting campaign. It received 704 downloads before detection and removal. This scenario underscores the persistent and evolving security challenges in the field of software development.
Original Article: https://thehackernews.com/2023/10/rogue-npm-package-deploys-open-source.html