NPM Removed Four Packages From Repository That Were Popping Reverse Shells

Four JavaScript packages were removed from the npm repository on Thursday for containing malicious code that could open a reverse shell and exfiltrate the user’s data.

These packages had around 1,000 downloads over the course of the last few months. Cybercriminals often upload code containing malware to public repositories, hoping to establish reverse shell connections.

These four packages are:

“Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer,” the npm security team said.

“The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it,” they added.

Three of the packages, plutov-slack-client, nodetest1010, and nodetest199, share identical code.


The code inside the packages is capable of running on both Unix-based and Windows systems. It can establish a reverse shell connection to the attacker’s server, allowing the attacker to obtain remote access to the compromised machines.
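To find out whether a project ever resolved one of these packages, its `package-lock.json` can be searched, including nested transitive dependencies. The sketch below is an added example, not code from npm or from the original article; it lists only the three package names given above (the fourth must be added to `FLAGGED`), and the sample lockfiles and their versions are constructed.

```javascript
// Package names taken from the article; the fourth name is not listed there.
const FLAGGED = new Set(['plutov-slack-client', 'nodetest1010', 'nodetest199']);

// Returns [{name, version, path}] for each flagged package in a parsed
// package-lock.json, e.g. JSON.parse(fs.readFileSync('package-lock.json', 'utf8')).
function findFlagged(lock, flagged = FLAGGED) {
  const hits = [];
  // lockfileVersion 2 and 3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const name = path.split('node_modules/').pop(); // keeps "@scope/name" intact
    if (flagged.has(name)) hits.push({ name, version: meta.version, path });
  }
  // lockfileVersion 1 (and the compatibility copy in v2): nested "dependencies" tree.
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${trail}node_modules/${name}`;
      if (flagged.has(name) && !hits.some((h) => h.path === path)) {
        hits.push({ name, version: meta.version, path });
      }
      walk(meta.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, '');
  return hits;
}

// Constructed sample lockfiles (not real projects; versions are made up).
const SAMPLE_V3 = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/express': { version: '4.18.2' },
    'node_modules/some-lib/node_modules/nodetest199': { version: '1.0.0' },
  },
};
const SAMPLE_V1 = {
  lockfileVersion: 1,
  dependencies: {
    'some-lib': {
      version: '2.0.0',
      dependencies: { 'plutov-slack-client': { version: '1.0.0' } },
    },
  },
};

for (const sample of [SAMPLE_V3, SAMPLE_V1]) {
  for (const hit of findFlagged(sample)) {
    console.log(`FLAGGED ${hit.name}@${hit.version} at ${hit.path}`);
  }
}
```

A hit means the package was resolved for installation on any machine that ran `npm install` against that lockfile, so the rotation advice quoted above applies to those machines, not only to the repository.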


Source: The Hack Today
