
Typosquatted npm Package Delivers Windows RAT with Encrypted C2 and Registry Persistence

By Tushar Subhra Dutta

10d ago · 5 min read · en · News

Summary

A malware campaign targets Windows systems via a typosquatted npm package called postcss-minify-selector-parser, disguised as the legitimate postcss-selector-parser. When developers install the fake package, it deploys a full-featured Remote Access Trojan (RAT) that uses encrypted HTTP command-and-control (C2) communication and registry persistence to maintain access to infected machines.
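A defender-side check for the lookalike pattern described above, as an added example that is not from the article or its source: it scans the `packages` map of a `package-lock.json` for the reported name and for names that pad a trusted package's name with extra hyphen tokens. The sample lockfile, its versions and the name `postcss-example-selector-parser` are constructed, and the token heuristic is an assumption that only flags candidates for manual review.

```javascript
// Names reported on this page.
const KNOWN_BAD = new Set(["postcss-minify-selector-parser"]);
const TRUSTED = ["postcss-selector-parser"];

// Split an npm name into hyphen tokens, ignoring any @scope/ prefix.
function tokens(name) {
  return name.replace(/^@[^\/]+\//, "").toLowerCase().split("-").filter(Boolean);
}

// True when `name` keeps every token of `trusted` in order but adds extra ones,
// e.g. a word wedged into the middle of a well-known package name.
function isTokenLookalike(name, trusted) {
  const n = tokens(name);
  const t = tokens(trusted);
  if (n.length <= t.length) return false;
  let i = 0;
  for (const tok of n) if (tok === t[i]) i++;
  return i === t.length;
}

// Lockfile v2/v3 keys look like "node_modules/a/node_modules/@scope/b".
function packageNameFromPath(path) {
  const marker = "node_modules/";
  const idx = path.lastIndexOf(marker);
  return idx === -1 ? null : path.slice(idx + marker.length);
}

function auditLockfile(lock) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const name = packageNameFromPath(path);
    if (!name) continue; // root project entry ("")
    const near = TRUSTED.find((t) => isTokenLookalike(name, t));
    if (KNOWN_BAD.has(name)) findings.push({ name, version: meta.version, reason: "known-malicious" });
    else if (near) findings.push({ name, version: meta.version, reason: `lookalike of ${near}` });
  }
  return findings;
}

// Constructed sample lockfile: versions and "postcss-example-selector-parser" are made up.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/postcss-selector-parser": { version: "0.0.0-sample" },
    "node_modules/postcss-minify-selector-parser": { version: "0.0.0-sample" },
    "node_modules/demo-plugin/node_modules/postcss-example-selector-parser": { version: "0.0.0-sample" },
  },
};

console.log(auditLockfile(SAMPLE_LOCK));
```

Transitive dependencies appear in the same `packages` map, so the nested entry is checked along with the direct ones.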

Source

Typosquatted npm Package Delivers Windows RAT with Encrypted C2 and Registry Persistence (cybersecuritynews.com)

Key quotes

Disguised as a legitimate CSS build tool, the malicious package quietly installs a full-featured Remote Access Trojan, or RAT, on developer machines.
The attack is subtle, well-crafted, and far more dangerous than it first appears.
The infection begins with a typosquatted npm package called postcss-minify-selector-parser, designed to look like the widely trusted postcss-selector-parser, which sees over 150 million weekly downloads.
Snippet from the RSS feed
A newly discovered malware campaign is targeting Windows systems through a deceptive package on the npm registry. Disguised as a legitimate CSS build tool, the malicious package quietly installs a full-featured Remote Access Trojan, or RAT, on developer m
