Based on information from HackRead, a novel cyberattack has been identified that leverages ordinary image files to conceal malicious software, posing a significant threat to software developers and their systems.Security researchers at Veracode Threat Research discovered a malicious package named "buildrunner-dev" on npm. This package employed a typosquatting technique, mimicking a legitimate tool to trick users into downloading it. Upon installation, it executes a script that downloads a large, obfuscated batch file designed to evade security scanners. This file contains numerous lines of seemingly random text, with only a few actual commands. The malware is sophisticated, checking for and attempting to bypass antivirus software from vendors like ESET and Malwarebytes.It uses techniques such as process hollowing and copies itself to a hidden folder, often utilizing the "fodhelper.exe" tool to bypass user permission prompts. The most striking aspect is the use of steganography, hiding the core virus within a PNG image file by embedding malicious code in the pixel data. This ultimately deploys Pulsar RAT, a remote access trojan, giving attackers full control over the compromised computer.Source: HackRead
Malware, Security Operations, Supply chain, DevOps
New cyberattack hides malware in images on npm

(Credit: Araki Illustrations – stock.adobe.com)
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds


