North Korean XORIndex malware hidden in 67 malicious NPM packages

https://www.bleepingcomputer.com/news/security/north-korean-xorindex-malware-hidden-in-67-malicious-npm-packages/

31•Bogdanp•6mo ago

Comments

bn-l•6mo ago

It’s weird how an npm package can just do all this still, to this day.

Bridged7756•6mo ago

Given the size of the JavaScript ecosystem, it is indeed baffling how behind npm is. One npm i and a typo away from getting hacked.

owebmaster•6mo ago

I "got" hacked by a North Korean hacker. I was lucky the dumb virus was meant for Mac and Windows, not Linux. It got installed to my computer but attempted to steal credentials in places there did not exist in my computer, but it was a close call.

After that I never used npm again.

braebo•6mo ago

How did you know? Now I’m worried I’ve been hacked a billion times testing npm packages just today.

owebmaster•6mo ago

> How did you know?

A recruiter profile disappeared from my inbox in linkedin after I sent a PR to a github project for a an interview so I got suspicious and checked if there was any unrecognized open connection usng `lsof -nPi | grep ESTABLISHED` and there was one, found the script, read it to see what it did - tried to steal crypto and browser credentials.

To be sure it did not install other stuff I could not find I did a full reinstall of the OS. Now I don't use npm ever again.

hulitu•6mo ago

> How did you know?

He installed npm, pypy and cargo. /s

hollerith•6mo ago

Do you use apps built on Electron? The npm packages chosen for inclusion in the app are not sandboxed in any way IIUC (at least on Linux that is the case).

Some security people are warning against Electron (at least on Linux):

https://github.com/secureblue/secureblue/issues/193#issuecom...

owebmaster•6mo ago

Yeah. Only Codium (VSCode fork) tho and now that I thought about it, time to stop using it.

cyanydeez•6mo ago

North korea and others are likely going if not already, setup an uno reverso and get applicants to do screening tests that require downloading malicious packages.

leggomuhgreggo•6mo ago

It must be "sanctions renewal" season!

The vipers in the big nest need a bunch of trash cyber security media to premise renewal of sanctions against DPRK.

Bless our patriotic vipers, and their white hat hackers/influencers.

Level Up Your Gaming

Di.day is a movement to encourage people to ditch Big Tech

Show HN: AI generated personal affirmations playing when your phone is locked

Show HN: GTM MCP Server- Let AI Manage Your Google Tag Manager Containers

Launch of X (Twitter) API Pay-per-Use Pricing

Facebook seemingly randomly bans tons of users

Global Bird Count

What Is Ruliology?

Jon Stewart – One of My Favorite People – What Now? With Trevor Noah Podcast [video]

P2P crypto exchange development company

Vocal Guide – belt sing without killing yourself

Write for Your Readers Even If They Are Agents

Knowledge-Creating LLMs

Maple Mono: Smooth your coding flow

Sid Meier's System for Real-Time Music Composition and Synthesis

Show HN: Slop News – HN front page now, but it's all slop

Show HN: Empusa – Visual debugger to catch and resume AI agent retry loops

Show HN: Bitcoin wallet on NXP SE050 secure element, Tor-only open source

White House Explores Opening Antitrust Probe on Homebuilders

Show HN: MindDraft – AI task app with smart actions and auto expense tracking

How do you estimate AI app development costs accurately?

Going Through Snowden Documents, Part 5

Show HN: MCP Server for TradeStation

Canada unveils auto industry plan in latest pivot away from US

The essential Reinhold Niebuhr: selected essays and addresses

Rentahuman.ai Turns Humans into On-Demand Labor for AI Agents

StovexGlobal – Compliance Gaps to Note

Show HN: Afelyon – Turns Jira tickets into production-ready PRs (multi-repo)

Trump says America should move on from Epstein – it may not be that easy

Tiny Clippy – A native Office Assistant built in Rust and egui

Level Up Your Gaming

Di.day is a movement to encourage people to ditch Big Tech

Show HN: AI generated personal affirmations playing when your phone is locked

Show HN: GTM MCP Server- Let AI Manage Your Google Tag Manager Containers

Launch of X (Twitter) API Pay-per-Use Pricing

Facebook seemingly randomly bans tons of users

Global Bird Count

What Is Ruliology?

Jon Stewart – One of My Favorite People – What Now? With Trevor Noah Podcast [video]

P2P crypto exchange development company

Vocal Guide – belt sing without killing yourself

Write for Your Readers Even If They Are Agents

Knowledge-Creating LLMs

Maple Mono: Smooth your coding flow

Sid Meier's System for Real-Time Music Composition and Synthesis

Show HN: Slop News – HN front page now, but it's all slop

Show HN: Empusa – Visual debugger to catch and resume AI agent retry loops

Show HN: Bitcoin wallet on NXP SE050 secure element, Tor-only open source

White House Explores Opening Antitrust Probe on Homebuilders

Show HN: MindDraft – AI task app with smart actions and auto expense tracking

How do you estimate AI app development costs accurately?

Going Through Snowden Documents, Part 5

Show HN: MCP Server for TradeStation

Canada unveils auto industry plan in latest pivot away from US

The essential Reinhold Niebuhr: selected essays and addresses

Rentahuman.ai Turns Humans into On-Demand Labor for AI Agents

StovexGlobal – Compliance Gaps to Note

Show HN: Afelyon – Turns Jira tickets into production-ready PRs (multi-repo)

Trump says America should move on from Epstein – it may not be that easy

Tiny Clippy – A native Office Assistant built in Rust and egui

North Korean XORIndex malware hidden in 67 malicious NPM packages

Comments