North Korean Hackers Launch Malicious npm Packages Against Developers


According to new findings from Phylum, a set of fake npm packages discovered on the Node.js repository have ties to North Korean state-sponsored actors.

The packages are called execution-time-async, data-time-utils, login-time-utils, mongodb-connection-utils, and mongodb-execution-utils. One of the packages in question, execution-time-async, masquerades as its legitimate counterpart, execution-time, a library that receives over 27,000 weekly downloads. Execution-time is a Node.js utility that measures the time it takes to execute code.

In an interesting twist, the threat actors attempted to conceal the obfuscated malicious code in a test file. The code is designed to fetch next-stage payloads from a remote server, steal credentials from web browsers such as Brave, Google Chrome, and Opera, and retrieve a Python script, which then downloads other scripts.
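To check whether a project has pulled in any of the five packages named above, including as a transitive dependency, the lockfile can be scanned directly. The following is an added example, not code from Phylum or from this article; it matches on package name only (the article gives no versions or hashes), and the sample lockfiles and the `some-lib` and `demo-app` names are constructed.

```javascript
// Added example: package names are from the article; lockfile samples are constructed.
const FLAGGED = new Set([
  "execution-time-async", "data-time-utils", "login-time-utils",
  "mongodb-connection-utils", "mongodb-execution-utils",
]);

// v2/v3 keys look like "node_modules/a/node_modules/b"; keep the innermost name.
function nameFromKey(key) {
  const marker = "node_modules/";
  const i = key.lastIndexOf(marker);
  return i === -1 ? key : key.slice(i + marker.length);
}

// Returns [{ name, version, where }] for every flagged package in a parsed lockfile.
function findFlagged(lock) {
  const hits = [];
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path ("" is the root project).
    for (const [key, meta] of Object.entries(lock.packages)) {
      if (key === "") continue;
      const name = meta.name || nameFromKey(key);
      if (FLAGGED.has(name)) hits.push({ name, version: meta.version, where: key });
    }
    return hits; // v2 also carries a legacy "dependencies" tree; skip it to avoid duplicates
  }
  // lockfileVersion 1: nested "dependencies" tree, so transitive installs need a walk.
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = [...trail, name];
      if (FLAGGED.has(name)) hits.push({ name, version: meta.version, where: path.join(" > ") });
      walk(meta.dependencies, path);
    }
  };
  walk(lock.dependencies, []);
  return hits;
}

// Constructed lockfiles (versions are placeholders, not real release numbers).
const SAMPLE_V3 = { lockfileVersion: 3, packages: {
  "": { name: "demo-app" },
  "node_modules/execution-time": { version: "0.0.0" },
  "node_modules/some-lib/node_modules/execution-time-async": { version: "0.0.0" },
} };
const SAMPLE_V1 = { lockfileVersion: 1, dependencies: {
  "some-lib": { version: "0.0.0", dependencies: {
    "mongodb-connection-utils": { version: "0.0.0" } } },
} };

console.log(findFlagged(SAMPLE_V3), findFlagged(SAMPLE_V1));
```

For a real project, pass the result of `JSON.parse` on the contents of `package-lock.json` to `findFlagged`; the legitimate `execution-time` package is not reported.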
