npm Malware Alert: Multiple Cryptominer Packages Discovered

Multiple malicious npm packages discovered. Cryptominers found on Windows, macOS, and Linux. Author's account deactivated.

Several malicious packages posing as legitimate JavaScript libraries have been found on the npm registry this month. Sonatype's automated malware detection system identified these packages, which launched cryptominers on Windows, macOS, and Linux machines.

The malicious packages, named okhsa, klow, and klown, were found to download EXE or ELF binaries from a Russia-based host. The downloaded binaries run quietly in the background on infected machines. The author's account has since been deactivated.

The packages launched the Calculator app on Windows and contained either klow or klown as a dependency. klown falsely claimed to be the legitimate JavaScript library ua-parser-js. The different versions of okhsa launched the cryptominer, with catalog numbers Sonatype-2021-1472 and Sonatype-2021-1473 respectively. The author's targeting method remains unclear, with no signs of typosquatting or dependency hijacking.

The malicious packages okhsa, klow, and klown have been removed from the npm registry. Users are advised to check their systems for any signs of infection and to update their software regularly. Further investigation is needed to determine the author's motives and the full extent of the damage.
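One way to check a project for the three package names above is to walk its parsed `package-lock.json`, including nested installs, since klow and klown arrived as dependencies. This is an added example, not Sonatype's tooling; the function name, sample lockfiles and version strings are constructed for illustration.

```javascript
// Package names reported as malicious on this page.
const FLAGGED = new Set(["okhsa", "klow", "klown"]);

// Return one {name, version, via} record per flagged name@version found in a
// parsed package-lock.json, including transitive (nested) installs.
function findFlaggedPackages(lock) {
  const hits = new Map();
  const record = (name, version, via) => {
    const key = `${name}@${version}`;
    if (FLAGGED.has(name) && !hits.has(key)) hits.set(key, { name, version, via });
  };
  // lockfileVersion 2/3: flat "packages" map keyed by install path, e.g.
  // "node_modules/a/node_modules/@scope/b" installs the package "@scope/b".
  // An entry's own "name" field, when present, takes precedence over the folder name.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const i = path.lastIndexOf("node_modules/");
    if (i !== -1) record(meta.name || path.slice(i + "node_modules/".length), meta.version, path);
  }
  // lockfileVersion 1 (and the legacy section of version 2): nested "dependencies".
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      record(name, meta.version, [...trail, name].join(" > "));
      walk(meta.dependencies, [...trail, name]);
    }
  };
  walk(lock.dependencies, []);
  return [...hits.values()];
}

// Constructed sample lockfiles; the versions are placeholders, not real releases.
const sampleV3 = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app", version: "1.0.0" },
    "node_modules/okhsa": { version: "0.0.0-example" },
    "node_modules/okhsa/node_modules/klown": { version: "0.0.0-example" },
    "node_modules/klown-utils": { version: "1.2.3" }, // similar name, not flagged
  },
};
const sampleV1 = {
  lockfileVersion: 1,
  dependencies: {
    okhsa: { version: "0.0.0-example", dependencies: { klow: { version: "0.0.0-example" } } },
  },
};

console.log(findFlaggedPackages(sampleV3));
console.log(findFlaggedPackages(sampleV1));
```

To scan a real project, pass the result of `JSON.parse` on the contents of its `package-lock.json`; an empty array means none of the three names is locked.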
