New npm attack poisons local packages with backdoors
Two malicious packages were discovered on npm (Node package manager) that covertly patch legitimate, locally installed packages to inject a persistent reverse shell backdoor. [...]
A reverse shell lets an attacker control a compromised host remotely; egress filtering, least privilege, and endpoint monitoring can limit impact.
Search across headline titles and summaries.
Background for this topic.
A reverse shell is an interactive command channel that a compromised host initiates to a remote system controlled by an attacker. The remote endpoint listens while the victim makes the outbound connection, which can make the channel viable even when inbound connections are blocked; it does not, by itself, bypass every firewall or security control. Attackers commonly obtain one after exploiting a vulnerable service, using stolen credentials, or executing malicious code, then operate with the compromised account’s permissions.
Its security significance is remote command execution: an attacker may install tools, steal accessible secrets, move to other systems, or attempt privilege escalation. Outbound traffic from an unusual process, destination, port, or time can provide a useful detection signal, especially when endpoint telemetry links a connection to a shell or scripting interpreter. Key defenses are restrictive egress filtering, patching exposed services, least privilege, and network segmentation. If detected, isolate the host, terminate the channel, and investigate the originating process and persistence mechanisms.
Weekly headline count for the current query.
Two malicious packages were discovered on npm (Node package manager) that covertly patch legitimate, locally installed packages to inject a persistent reverse shell backdoor. [...]
A malicious campaign has been specifically targeting Juniper edge devices, many acting as VPN gateways, with malware dubbed J-magic that starts a reverse shell only if it detects a "magic packet" in the network traffic. [...]
A security researcher has published a proof-of-concept (PoC) exploit for Wyze Cam v3 devices that opens a reverse shell and allows the takeover of vulnerable devices. [...]
A new, stealthier variant of the Linux malware 'BPFDoor' has been discovered, featuring more robust encryption and reverse shell communications. [...]
A new attack technique called 'GIFShell' allows threat actors to abuse Microsoft Teams for novel phishing attacks and covertly executing commands to steal data using ... GIFs. [...]
A recently discovered botnet under active development targets Linux systems, attempting to ensnare them into an army of bots ready to steal sensitive info, installing rootkits, creating reverse shells, and acting as web traffic proxies. [...]