Security Affairs

MAY 19, 2023

Experts discovered two malicious packages in the npm package repository, both were laced with an open-source info-stealer called TurkoRat. TurkoRat is an information-stealing malware that can obtain a broad range of data from the infected machine, including account login credentials, cryptocurrency wallets, and website cookies.

Encryption 79

Encryption Social Engineering Malware Cryptocurrency 79

Security Affairs

MAY 21, 2023

This week, ReversingLabs researchers warned of the presence of two malicious packages, respectively named nodejs-encrypt-agent and nodejs-cookie-proxy-agent, in the npm package repository containing an open-source info-stealer called TurkoRat.

Social Engineering 88

Social Engineering Malware Cryptocurrency Engineering 88

Security Affairs

MAY 29, 2022

sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog”). Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. To nominate, please visit:?. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

InfoSec 100

InfoSec Spyware DDOS Firewall 100

Security Boulevard

OCTOBER 24, 2021

Identify the most popular libraries imported/used in the NPM package index. Act 3: Hijack the committer’s NPM account. Note, the source code in this case was not compromised, but rather altered offline and published into the NPM repository ( as versions 0.7.29 , 0.8.0 , 1.0.0 ). “I which triggered the install of malware”.

Accountability 59

Accountability Malware Marketing Engineering 59

Malwarebytes

APRIL 5, 2021

Finally, we looked at the latest Android “System Update” malware that steals photos, videos, GPS location , and we thought it was time to cool down some fervor and say that, you know what, Internet password books are OK.

VPN 73

VPN Scams Internet Internet 73

SC Magazine

APRIL 9, 2021

Then, hackers broke into Piriform’s servers and inserted malware into CCleaner’s releases. That’s a problem because hackers can easily backdoor libraries or steal SSH credentials. At least one Python package was compromised when someone put a backdoor in the code, copied all the SSH credentials and sent them off to a website.

Software 86

Software Data collection Malware Risk 86

Security Affairs

MAY 4, 2023

Facebook discovered a new information-stealing malware, dubbed ‘NodeStealer,’ that is being distributed on Meta. NodeStealer is a new information-stealing malware distributed on Meta that allows stealing browser cookies to hijack accounts on multiple platforms, including Facebook, Gmail, and Outlook.

Malware 93

Malware Accountability Advertising Education 93