News for Admins
Tech News
Malware Discovered in npm Registry
If you work with npm, be warned about a malicious package called web-browserify. It imitates the official Browserify component, the bundler that lets you use a node-style require() in browser code and load modules installed through npm.
The attack falls under the label "brandjacking": the package borrowed the Browserify name to trade on that project's massive popularity (more than 1.3 million weekly downloads via npm), hoping that developers would install it by mistake.
As soon as web-browserify is installed, it launches its payload, which targets Node.js developers. The package weighed in at about 27MB and shipped a single version (1.0.0). Inside it is a postinstall.js file, run automatically by npm at install time, that extracts an archive named run.tar.xz containing an ELF binary named run (the actual malicious payload).
Very soon after it was discovered, web-browserify was taken down from the npm registry. That doesn't mean, however, that it hasn't already been installed by mistake. To find out if web-browserify is present on your system, issue the command npm ls web-browserify in each project (and npm ls -g web-browserify for globally installed packages). If you find the package, remove it with the command npm uninstall web-browserify. However, because the payload runs from a postinstall hook, the malicious code has almost certainly already executed by the time you remove the package, so treat the machine as compromised and follow your incident response process rather than stopping at the uninstall.
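An added example (written for this article, not code from npm, Browserify, or Sonatype): a small POSIX shell scan that walks every node_modules tree below a directory, reports any web-browserify package it finds, shows the install-time hooks declared in its package.json, and lists the dropped artifacts the article names (postinstall.js, run.tar.xz, run). The make_fixture function builds a constructed, harmless directory tree that mimics the layout described above so the scan can be run offline; the hook names and file names are taken from the article, everything else is an assumption.

```shell
#!/bin/sh
# Added example: locate web-browserify installs and their install-time hooks.
# Assumption: projects keep dependencies in a conventional node_modules tree.

PKG_NAME="web-browserify"

# Print every directory named web-browserify inside a node_modules tree under $1.
find_web_browserify() {
    find "$1" -type d -path '*/node_modules/*' -name "$PKG_NAME" 2>/dev/null
}

# Print the install-time script entries from the package.json in directory $1.
# The article reports a postinstall.js hook; preinstall and install are checked
# too because npm runs those at the same point in the install.
install_hooks() {
    grep -E '"(pre|post)?install"[[:space:]]*:' "$1/package.json" 2>/dev/null
}

# Scan the tree under $1. Prints findings; returns 0 if the package was found,
# 1 otherwise, so it can be used as a condition in scripts.
scan_web_browserify() {
    root="$1"
    find_web_browserify "$root" | while IFS= read -r dir; do
        echo "FOUND: $dir"
        hooks=$(install_hooks "$dir")
        [ -n "$hooks" ] && echo "  install-time script(s): $hooks"
        # Artifacts named in the article: the hook, the archive, and the ELF payload.
        for f in postinstall.js run.tar.xz run; do
            [ -e "$dir/$f" ] && echo "  artifact present: $dir/$f"
        done
    done
    [ "$(find_web_browserify "$root" | wc -l | tr -d ' ')" -gt 0 ]
}

# Build a constructed fixture (NOT the real package) and print its root.
# It contains an empty postinstall.js and run.tar.xz plus a harmless
# neighbouring "browserify" directory that must not be flagged.
make_fixture() {
    tmp=$(mktemp -d)
    pkg="$tmp/project/node_modules/$PKG_NAME"
    mkdir -p "$pkg" "$tmp/project/node_modules/browserify"
    printf '{\n  "name": "%s",\n  "version": "1.0.0",\n  "scripts": { "postinstall": "node postinstall.js" }\n}\n' \
        "$PKG_NAME" > "$pkg/package.json"
    : > "$pkg/postinstall.js"
    : > "$pkg/run.tar.xz"
    printf '{ "name": "browserify" }\n' > "$tmp/project/node_modules/browserify/package.json"
    echo "$tmp"
}

# Stand-alone demo against the constructed fixture.
demo_root=$(make_fixture)
scan_web_browserify "$demo_root"
rm -rf "$demo_root"
```

Point scan_web_browserify at a home directory or a CI workspace to cover projects that npm ls would miss (checked-out repos you are not currently in). Note that the scan only tells you the package is present; as the article says, the postinstall hook has already run by then. For future installs, npm install --ignore-scripts prevents install-time hooks from executing at all, at the cost of breaking legitimate packages that rely on them.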
To find out more about web-browserify, check out Sonatype's blog (https://blog.sonatype.com/damaging-linux-mac-malware-bundled-within-browserify-npm-brandjack-attempt) about the discovery.