Conversation:
-
GeniusMusing (geniusmusing)'s status on Sunday, 18-Oct-2020 20:05:49 EDT
Three npm Packages Opened Remote-Access Shells on Linux and Windows Systems
Slashdot
https://nu.federati.net/url/276724
> "Three JavaScript packages have been removed from the npm portal on Thursday for containing malicious code," reports ZDNet.
>
> "According to advisories from the npm security team, the three JavaScript libraries opened shells on the computers of developers who …
LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} repeated this.
-
LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1)'s status on Monday, 19-Oct-2020 00:40:45 EDT
@geniusmusing I'm sure other software repositories have this issue, but I hear about it more from Node.js / NPM.
-
GeniusMusing (geniusmusing)'s status on Monday, 19-Oct-2020 09:19:47 EDT
@lnxw48a1 Yes, PHP and PyPI (Python) have had similar issues, but it seems that more people use node/NPM than the others, so it may be targeted more.
How one man could have pwned all your PHP programs – Naked Security (2018)
https://nakedsecurity.sophos.com/2018/08/30/how-one-man-could-have-pwned-all-your-php-programs/
Ten Malicious Libraries Found on PyPI Python Package Index (2017)
https://nu.federati.net/url/276735
LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} repeated this.