(socket.dev) Malicious Activity Detected in New Versions of node-ipc npm Package: Stealer and Backdoor Behavior Identified
-
(socket.dev) Malicious Activity Detected in New Versions of node-ipc npm Package: Stealer and Backdoor Behavior Identified
Newly published versions of the node-ipc npm package (9.1.6, 9.2.3, 12.0.1) identified as malware with stealer/backdoor capabilities. Host fingerprinting, file enumeration, and encrypted data exfiltration detected. Immediate blocking and auditing of affected versions advised.
In brief - Critical supply chain compromise in node-ipc npm package (versions 9.1.6, 9.2.3, 12.0.1) introduces stealer/backdoor functionality, enabling data exfiltration and system compromise. Historical malicious activity (e.g., geo-targeted destructive payloads in 10.1.1/10.1.2) underscores persistent risks in JavaScript dependencies.
Technically - Malicious node-ipc versions employ host environment fingerprinting, local file enumeration, and data compression before exfiltrating payloads via encrypted envelopes. Network endpoints dynamically selected via DNS or hardcoded logic. Prior incidents include CVE-less destructive malware (10.1.1/10.1.2) and peacenotwar dependency abuse (11.0.0/11.1.0). Socket’s AI scanner flagged these as malware within minutes of publication.
Source: https://socket.dev/blog/node-ipc-package-compromised
-
R relay@relay.infosec.exchange shared this topic
