October 5, 2023
A new deceptive package hidden within the npm package registry has been uncovered deploying an open-source rootkit called r77, marking the first time a rogue package has delivered rootkit functionality.
The package in question is node-hide-console-windows, which mimics the legitimate npm package node-hide-console-window in what’s an instance of a typosquatting campaign. It was downloaded 704
The package in question is node-hide-console-windows, which mimics the legitimate npm package node-hide-console-window in what’s an instance of a typosquatting campaign. It was downloaded 704
Article posted by: https://thehackernews.com/2023/10/rogue-npm-package-deploys-open-source.html
——————————————————————————————————————–
Infocerts, 5B 306 Riverside Greens, Panvel, Raigad 410206 Maharashtra, India
Contact us – https://www.infocerts.com
