Hacking News Rogue npm Package Deploys Open-Source Rootkit in New Supply Chain Attack

Hacking News Rogue npm Package Deploys Open-Source Rootkit in New Supply Chain Attack - Printable Version

+- (https://hackmyride.com/forum)
+-- Forum: Automotive Hacking (https://hackmyride.com/forum/forumdisplay.php?fid=211)
+--- Forum: News (https://hackmyride.com/forum/forumdisplay.php?fid=278)
+---- Forum: The Hacker News (https://hackmyride.com/forum/forumdisplay.php?fid=279)
+---- Thread: Hacking News Rogue npm Package Deploys Open-Source Rootkit in New Supply Chain Attack (/showthread.php?tid=8550)

Rogue npm Package Deploys Open-Source Rootkit in New Supply Chain Attack - The Hacker News - 10-04-2023

Rogue npm Package Deploys Open-Source Rootkit in New Supply Chain Attack

A new deceptive package hidden within the npm package registry has been uncovered deploying an open-source rootkit called r77, marking the first time a rogue package has delivered rootkit functionality.
The package in question is node-hide-console-windows, which mimics the legitimate npm package node-hide-console-window in what's an instance of a typosquatting campaign. It was downloaded 704

https://thehackernews.com/2023/10/rogue-npm-package-deploys-open-source.html