PyPI, npm, and AI Tools Exploited in Malware Surge Targeting DevOps and Cloud Environments
Cybersecurity researchers from SafeDep and Veracode detailed a number of malware-laced npm packages that are designed to execute remote code and download additional payloads.
The packages in question are listed below:
- eslint-config-airbnb-compat (676 Downloads)
- ts-runtime-compat-check (1,588 Downloads)
- solders (983 Downloads)
- @mediawave/lib (386 Downloads)
All the identified packages have since been taken down from npm, but not before they were downloaded hundreds of times from the registry.
SafeDep’s analysis of eslint-config-airbnb-compat found that the JavaScript library has ts-runtime-compat-check listed as a dependency, which, in turn, contacts an external server defined in the former package (“proxy.eslint-proxy[.]site”) to retrieve and execute a Base64-encoded string. The exact nature of the payload is unknown.
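As an added example (not code from the original article, SafeDep, or Veracode), the following JavaScript checks a parsed package-lock.json for the four package names listed above, including copies installed transitively, as in the eslint-config-airbnb-compat to ts-runtime-compat-check chain. The helper name `findFlagged`, the sample lockfiles, and the version strings are constructed for illustration.

```javascript
// Package names reported in the article (all since removed from npm).
const FLAGGED = new Set([
  "eslint-config-airbnb-compat",
  "ts-runtime-compat-check",
  "solders",
  "@mediawave/lib",
]);

// findFlagged is a hypothetical helper: given a parsed package-lock.json it
// returns [{ name, version, path }] for every flagged package, direct or nested.
function findFlagged(lock) {
  const hits = [];
  // lockfileVersion 2/3: flat "packages" map keyed by install path, e.g.
  // "node_modules/a/node_modules/@scope/b". The "" key is the root project.
  for (const [key, meta] of Object.entries(lock.packages || {})) {
    const idx = key.lastIndexOf("node_modules/");
    if (idx === -1) continue;
    const name = key.slice(idx + "node_modules/".length);
    if (FLAGGED.has(name)) hits.push({ name, version: meta.version, path: key });
  }
  // lockfileVersion 1: nested "dependencies" objects. Skipped when "packages"
  // exists, because v2 lockfiles carry both and would report duplicates.
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const chain = [...trail, name];
      if (FLAGGED.has(name)) hits.push({ name, version: meta.version, path: chain.join(" > ") });
      walk(meta.dependencies, chain);
    }
  };
  if (!lock.packages) walk(lock.dependencies, []);
  return hits;
}

// Constructed sample lockfiles (version strings are placeholders).
const sampleV3 = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/eslint-config-airbnb-compat": { version: "0.0.0-constructed" },
    "node_modules/eslint-config-airbnb-compat/node_modules/ts-runtime-compat-check": { version: "0.0.0-constructed" },
  },
};
const sampleV1 = {
  lockfileVersion: 1,
  dependencies: {
    "eslint-config-airbnb-compat": { version: "0.0.0-constructed", dependencies: { "ts-runtime-compat-check": { version: "0.0.0-constructed" } } },
  },
};
console.log(findFlagged(sampleV3), findFlagged(sampleV1));
```

To check a real project, pass the function the result of `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))`.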
To read the complete article, see The Hacker News.
This post is licensed under CC BY 4.0 by the author.