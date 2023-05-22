npm packages found hosting TurkoRat malware

By on
npm packages found hosting TurkoRat malware

Typo-squatting attacks re-emerge.

A research outfit called Reversing Labs has found TurkoRat lurking on the npm package repository.

The two malicious packages were typo-squatting on legitimate packages, Reversing Labs said in a blog post, and had been available on npm for around two months before they were discovered.

Typo-squat attacks try to trick developers looking for popular packages like React into downloading a package with a look-alike name (R2act, for example).

The legitimate packages are nodejs-encrypt-agent and nodejs-cookie-proxy-agent.

Nodejs-encrypt-agent is part of Agent-Base version 6.0.2, which the company said has been downloaded 20 million times.

Node-cookie-proxy-agent “is not as popular as agent-base, but it was continuously downloaded throughout last year”, the researchers said.

“The malicious actors were clearly hoping one of those millions of developers would be fooled into downloading the malicious package instead of the benign one,"Reversing Labs noted.

Attack behaviours observed by the researchers included writing to and deleting from Windows directories, executing commands, and tampering with DNS settings.

TurkoRat is an open-source, customisable malware offered on GitHub.

Reversing Labs said a malicious actor “can modify a few settings in the build to alter the configuration and capabilities of the finished portable executable file.

"They would then need to use build.bat to rebuild it and package it into a malicious executable," it added.

The Reversing Labs researchers found the npm package bundles all the necessary files into a single executable.

They said “the malicious packages were almost certainly responsible for the malicious TurkoRat being run on an unknown number of developer machines.”

Last year, cryptominers were found in 186 typo-squatting packages.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
npmsecuritysoftwareturkorat

Sponsored Whitepapers

Creating the Sustainable IT Department
Creating the Sustainable IT Department
Modernize and innovate in a Multicloud operating model
Modernize and innovate in a Multicloud operating model
The Future Belongs to the Innovators
The Future Belongs to the Innovators
Manufacturers&#8217; Perspectives on Modernizing with Edge Computing and 5G eBook
Manufacturers’ Perspectives on Modernizing with Edge Computing and 5G eBook
State of Email Security Report 2023
State of Email Security Report 2023

Events

Most Read Articles

Trend Micro discloses vulnerabilities in enterprise products

Trend Micro discloses vulnerabilities in enterprise products
TechnologyOne still investigating impact of M365 cyber incident

TechnologyOne still investigating impact of M365 cyber incident
Data of 237,000 US government employees breached

Data of 237,000 US government employees breached
Cisco switch firmware patched against critical bugs

Cisco switch firmware patched against critical bugs

Digital Nation

Case Study: How HCF reengaged its customers through data and analytics
Case Study: How HCF reengaged its customers through data and analytics
Case study: Transurban uses automation to detect road incidents
Case study: Transurban uses automation to detect road incidents
Meta threatens to take news off its platform in the US. Yep, we're here again
Meta threatens to take news off its platform in the US. Yep, we're here again
Case study: How La Trobe University sets its data students up for success
Case study: How La Trobe University sets its data students up for success
Cover Story: The business of gaming will reshape marketing, technology
Cover Story: The business of gaming will reshape marketing, technology

Log In

  |  Forgot your password?