Blog | ReversingLabs | Lucija Valentić

December 20, 2024

A new playground: Malicious campaigns proliferate from VSCode to npm

To avoid compromised packages being introduced as a dependency in a larger project, security teams need to keep an eye peeled for such malicious code.

November 21, 2024

Differential analysis raises red flags over @lottiefiles/lottie-player

Three versions of the popular package were infected and used to spread malicious code that was stealing crypto wallet assets.

June 26, 2024

Malicious npm package targets AWS users

The package's history is a lesson in why tracking open source threats is such a challenge — and highlights the value of RL's new Spectra Assure Community.

April 3, 2024

Malicious helpers: VS Code Extensions observed stealing sensitive information

Two newly discovered extensions on the VS Code Marketplace are designed to steal sensitive information, showing that open source attacks are expanding.

January 23, 2024

GitGot: GitHub leveraged by cybercriminals to store stolen data

ReversingLabs researchers found two suspicious npm packages that demonstrate how GitHub is increasingly being used to easily deploy malware in novel ways.

October 4, 2023

Typosquatting campaign delivers r77 rootkit via npm

One “s” is all that separates a legitimate npm package from a malicious twin that delivered the r77 rootkit, and was downloaded more than 700 times, ReversingLabs researchers discovered.

August 22, 2023

Fake Roblox packages target npm with Luna Grabber info-stealing malware

ReversingLabs researchers have identified more than a dozen malicious packages targeting Roblox API users on the npm repository.

July 6, 2023

Operation Brainleeches: Malicious npm packages fuel supply chain and phishing attacks

“Write once, infect everywhere” might be the new cybercrime motto, with newly discovered campaigns showing malicious npm packages powering phishing kits and supply chain attacks.

May 18, 2023

RATs found hiding in the npm attic

ReversingLabs researchers discovered two malicious packages that contained TurkoRat, an infostealer that lurked on npm for months before being detected.

April 24, 2023

Package names repurposed to push malware on PyPI

What’s in a name? Here's how bad actors are pushing malware on the Python Package Index under the guise of legitimate yet abandoned open source modules.

February 22, 2023

Developers beware: Imposter HTTP libraries lurk on PyPI

ReversingLabs researchers discovered more than three dozen malicious packages on the PyPI repository that mimic popular HTTP libraries.

February 9, 2023

Open-source repository malware sows Havoc

Aabquerys is a malicious npm package discovered typosquatting on a legitimate npm module that downloads malicious components, ReversingLabs discovered.

Software Supply Chain Security

File Security

Security Operations

Products

Technology

Partners

Alliances

Resources

Company

Events

Press

Lucija Valentić

Recent Posts from Lucija Valentić

A new playground: Malicious campaigns proliferate from VSCode to npm

Differential analysis raises red flags over @lottiefiles/lottie-player

Malicious npm package targets AWS users

Malicious helpers: VS Code Extensions observed stealing sensitive information

GitGot: GitHub leveraged by cybercriminals to store stolen data

Typosquatting campaign delivers r77 rootkit via npm

Fake Roblox packages target npm with Luna Grabber info-stealing malware

Operation Brainleeches: Malicious npm packages fuel supply chain and phishing attacks

RATs found hiding in the npm attic

Package names repurposed to push malware on PyPI

Developers beware: Imposter HTTP libraries lurk on PyPI

Open-source repository malware sows Havoc

Topics

Special Reports

The 2025 Software Supply Chain Security Report

Upcoming Webinars

ConversingLabs

Lucija Valentić

Recent Posts from Lucija Valentić

Topics

Follow us

Subscribe

Special Reports