Cybersecurity researchers have discovered a new bunch of malicious packages on the npm package registry that are designed to exfiltrate sensitive developer information.
Software supply chain firm Phylum, which first identified the “test” packages on July 31, 2023, said they “demonstrated increasing functionality and refinement,” hours after which they were removed and re-uploaded under different, legitimate-sounding package names.
While the end goal of the undertaking is not clear, it’s suspected to be a highly targeted campaign aimed at the cryptocurrency sector based on references to modules such as “rocketrefer” and “binarium.”
