Malicious NPM Packages Exfiltrate Hundreds of Developer SSH Keys via GitHub

Two malicious packages found on the npm package registry have been observed using GitHub to store Base64-encoded SSH keys stolen from the developer workstations on which they were installed.

The npm maintainers removed the modules warbeast2000 and kodiak2k, which had received 412 and 1,281 downloads, respectively, at the beginning of the month. The most recent downloads occurred on January 21, 2024.

ReversingLabs, a software supply chain security firm, made the discovery and said that over 30 variants of kodiak2k and eight variants of warbeast2000 were available.

Each module can get and run a distinct JavaScript file
