New npm attack poisons local packages with backdoors
Two malicious packages were discovered on npm (Node package manager) that covertly patch legitimate, locally installed packages to inject a persistent reverse shell backdoor. [...]
A reverse shell lets an attacker control a compromised host remotely; egress filtering, least privilege, and endpoint monitoring can limit impact.
Search across headline titles and summaries.
Background for this topic.
A reverse shell is an interactive command channel that a compromised host initiates to a remote system controlled by an attacker. The remote endpoint listens while the victim makes the outbound connection, which can make the channel viable even when inbound connections are blocked; it does not, by itself, bypass every firewall or security control. Attackers commonly obtain one after exploiting a vulnerable service, using stolen credentials, or executing malicious code, then operate with the compromised account’s permissions.
Its security significance is remote command execution: an attacker may install tools, steal accessible secrets, move to other systems, or attempt privilege escalation. Outbound traffic from an unusual process, destination, port, or time can provide a useful detection signal, especially when endpoint telemetry links a connection to a shell or scripting interpreter. Key defenses are restrictive egress filtering, patching exposed services, least privilege, and network segmentation. If detected, isolate the host, terminate the channel, and investigate the originating process and persistence mechanisms.
Two malicious packages were discovered on npm (Node package manager) that covertly patch legitimate, locally installed packages to inject a persistent reverse shell backdoor. [...]