Nefarious npm package exposes backdoors on the programmer’s devices

7
Nefarious npm

The security team of npm announced the removal of a nefarious JavaScript library from the website. It contained a nefarious code that opened backdoors on the programmer’s devices. The library was named “twilio-npm,” and Sonatype detected the suspicious behavior.

Read More: Diversity is the Key to Build a More Resilient Cyber Security Team

Sonatype said that the library was published, detected, and removed on the same day as the npm security team blacklisted the library package. Even in the short time that the library was live, it was downloaded over 370 times. It was automatically included along with the JavaScript projects created and handled via the Node Package Manager (npm) command-line utility.

Source: zdnet