Beware: Sneaky NPM Packages Pose as Telegram Bot API, Hide Nasty Surprises!
Cybersecurity researchers have discovered three npm packages masquerading as a popular Telegram bot library but actually containing SSH backdoors. These packages trick developers through a technique called starjacking, granting attackers remote access. Removing them doesn’t eliminate the threat, as the inserted keys allow ongoing access for data theft and further code execution.

Hot Take:
Beware the Trojan horse in your Telegram! Cyber sleuths have uncovered some sneaky imposters in the npm registry, masquerading as legitimate Telegram bot libraries. But don’t be fooled – these packages are packing SSH backdoors and data exfiltration capabilities. It’s like expecting a cute cat video and getting a horror movie instead!
Key Points:
- The npm registry is harboring three malicious packages that mimic a popular Telegram bot library.
- These rogue packages use a sneaky technique called starjacking to boost their credibility.
- The packages are designed for Linux systems and add SSH keys for persistent access.
- Removing these packages doesn’t remove the threat, as SSH keys remain for continued access.
- Another malicious package, @naderabdi/merchant-advcash, disguises itself as a payment utility.
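
Because the inserted SSH keys outlive the package, cleanup has to include an audit of `authorized_keys`. The sketch below is an added example, not code from the researchers or from the packages: it fingerprints every entry and flags any that is not on an allowlist of known keys. The sample file, the key blobs and the allowlist are constructed for illustration.

```python
import base64, hashlib, re, struct

# [options] key-type base64-blob [comment]; any options precede the match
KEY_RE = re.compile(r"(?:^|\s)((?:ssh|ecdsa|sk)-[\w@.-]+)\s+([A-Za-z0-9+/]+=*)(?:\s+(.*))?$")

def fingerprint(blob: bytes) -> str:
    """SHA256 fingerprint in the form ssh-keygen -l prints."""
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")

def parse_authorized_keys(text: str):
    """Yield (line_no, key_type, fingerprint, comment); type/fingerprint are None if malformed."""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = KEY_RE.search(line)
        try:
            blob = base64.b64decode(m.group(2), validate=True) if m else b""
        except ValueError:
            blob = b""
        # A genuine blob begins with a length-prefixed copy of its key type.
        n = struct.unpack(">I", blob[:4])[0] if len(blob) >= 4 else 0
        if m and n and blob[4:4 + n] == m.group(1).encode():
            yield no, m.group(1), fingerprint(blob), m.group(3) or ""
        else:
            yield no, None, None, line  # surface for manual review

def unexpected_keys(text: str, allowlist: set):
    """Entries whose fingerprint is not allowlisted (malformed lines included)."""
    return [e for e in parse_authorized_keys(text) if e[2] not in allowlist]

def _sample_key(seed: bytes) -> str:
    """Constructed ed25519-shaped blob for the demo; not a real key."""
    t = b"ssh-ed25519"
    blob = struct.pack(">I", len(t)) + t + struct.pack(">I", 32) + hashlib.sha256(seed).digest()
    return base64.b64encode(blob).decode()

ADMIN, DEPLOY, ROGUE = (_sample_key(s) for s in (b"admin", b"deploy", b"rogue"))
SAMPLE = (  # constructed authorized_keys content
    "# managed keys\n"
    f"ssh-ed25519 {ADMIN} admin@workstation\n"
    f'from="10.0.0.0/8",no-pty ssh-ed25519 {DEPLOY} deploy@ci\n'
    f"ssh-ed25519 {ROGUE}\n"
    "not-a-key-line\n"
)
ALLOWLIST = {fingerprint(base64.b64decode(k)) for k in (ADMIN, DEPLOY)}

if __name__ == "__main__":
    for no, ktype, fp, note in unexpected_keys(SAMPLE, ALLOWLIST):
        print(f"line {no}: {fp or 'UNPARSEABLE'} {note}")
```

On a real host, feed it the contents of each account's `authorized_keys` file and build the allowlist from your own key inventory.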