Sophisticated npm Malware Campaign Uses Clever Evasion Techniques
2025-03-26

A recent sophisticated malware campaign used two seemingly benign npm packages, `ethers-provider2` and `ethers-providerz`, to inject malicious code into locally installed `ethers` packages. The packages conceal their malicious payload, which ultimately establishes a reverse shell connection to the attacker's server. Because the injected code lives in the local `ethers` installation rather than in the malicious packages themselves, the malicious functionality may persist even after those packages are removed. This highlights the ongoing risk of malicious packages in open-source repositories and the need for enhanced security measures.
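
Since removing the malicious packages does not undo changes made to the installed `ethers` tree, a cleanup should verify that tree against a known-good copy. The following is an added example, not code from the campaign analysis or from the `ethers` project; the function names and the constructed demo files are assumptions, and it presumes a pristine copy of the same `ethers` version has been unpacked from a trusted source into a separate directory.

```javascript
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');
const { createHash } = require('node:crypto');
// Map each file under root: relative path -> SHA-256 of its contents.
function hashTree(root, dir = root, manifest = new Map()) {
  for (const entry of fs.readdirSync(dir, { withFileTypes: true })) {
    const full = path.join(dir, entry.name);
    if (entry.isDirectory()) hashTree(root, full, manifest);
    else if (entry.isFile()) {
      const rel = path.relative(root, full).split(path.sep).join('/');
      manifest.set(rel, createHash('sha256').update(fs.readFileSync(full)).digest('hex'));
    }
  }
  return manifest;
}

// Files changed, added, or missing in the installed tree relative to the pristine one.
function diffTrees(pristineRoot, installedRoot) {
  const good = hashTree(pristineRoot);
  const seen = hashTree(installedRoot);
  const report = { modified: [], added: [], missing: [] };
  for (const [file, digest] of seen) {
    if (!good.has(file)) report.added.push(file);
    else if (good.get(file) !== digest) report.modified.push(file);
  }
  for (const file of good.keys()) if (!seen.has(file)) report.missing.push(file);
  Object.values(report).forEach((list) => list.sort());
  return report;
}

// Constructed demo: throwaway trees standing in for a pristine and a tampered copy.
function demo() {
  const base = fs.mkdtempSync(path.join(os.tmpdir(), 'ethers-check-'));
  const write = (rel, text) => {
    const file = path.join(base, rel);
    fs.mkdirSync(path.dirname(file), { recursive: true });
    fs.writeFileSync(file, text);
  };
  write('pristine/package.json', '{"name":"ethers"}');
  write('pristine/lib/index.js', 'module.exports = {};\n');
  write('installed/package.json', '{"name":"ethers"}');
  write('installed/lib/index.js', 'module.exports = {};\n// constructed injected line\n');
  write('installed/lib/extra.js', '// constructed dropped file\n');
  const report = diffTrees(path.join(base, 'pristine'), path.join(base, 'installed'));
  fs.rmSync(base, { recursive: true, force: true });
  return report;
}
console.log(demo());
```

In real use, call `diffTrees(pristineDir, 'node_modules/ethers')`; any entry under `modified` or `added` means the installed copy should be deleted and reinstalled from a clean cache rather than trusted.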
Development
npm security