
Rogue npm Packages Mimic Telegram Bot API to Plant SSH Backdoors on Linux Systems



April 19, 2025Red LakshmananLinux / malicious program

Cybersecurity researchers have discovered three malicious packages in the npm registry that masquerade as a popular Telegram bot library but harbor SSH backdoors and data exfiltration capabilities.

The packages in question are listed below –


According to supply chain security firm Socket, the packages are designed to mimic node-telegram-bot-api, a popular Node.js Telegram Bot API with more than 100,000 weekly downloads. The three libraries are still available for download.

“Although this number may seem modest – Note.

“The supply security incidents repeatedly indicate that even several institutions may have catastrophic consequences, especially if the attackers get direct access to developer systems or production servers.”

The rogue packages not only replicate the description of the legitimate library, but also use a technique called starjacking in an attempt to appear more authentic and trick unsuspecting developers into downloading them.

Starjacking refers to an approach in which an open-source package is made to appear more popular than it is by linking it to the GitHub repository of the legitimate library. The technique typically takes advantage of the absence of any validation of the relationship between the package and the GitHub repository.

SSH Backdoors on Linux Systems

Socket's analysis found that the packages are designed to work on Linux systems, adding two SSH keys to the "~/.ssh/authorized_keys" file and thus granting the attackers persistent remote access.

The script is designed to collect the system username and external IP address by contacting "ipinfo[.]io/ip". It also beacons out to an external server ("solana.validator[.]blog") to confirm the infection.

What makes the packages insidious is that removing them does not completely eliminate the threat, as the inserted SSH keys give the threat actors unfettered remote access for subsequent code execution and data exfiltration.
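Because uninstalling the package leaves the injected keys in place, cleanup has to include an audit of "authorized_keys". The following is an added example (not from the original article or Socket's report) that flags entries whose SHA256 fingerprint is not on an approved list; the function names, the sample file and the key blobs are constructed for illustration.

```python
import base64
import hashlib
import re

KEY_PREFIXES = ("ssh-", "ecdsa-sha2-", "sk-ssh-", "sk-ecdsa-")

def fingerprint(blob_b64):
    """SHA256 fingerprint in the form printed by `ssh-keygen -lf`."""
    raw = base64.b64decode(blob_b64, validate=True)
    return "SHA256:" + base64.b64encode(hashlib.sha256(raw).digest()).decode().rstrip("=")

def parse_entry(line):
    """Return (key_type, blob, comment), or None if no key is found."""
    # Split on whitespace but keep double-quoted option values in one field.
    fields = re.findall(r'(?:[^\s"]|"(?:\\.|[^"\\])*")+', line)
    for i, tok in enumerate(fields[:2]):  # key type is field 0, or 1 after options
        if tok.startswith(KEY_PREFIXES) and i + 1 < len(fields):
            return tok, fields[i + 1], " ".join(fields[i + 2:])
    return None

def audit(text, approved):
    """List (line_no, fingerprint_or_reason, comment) for non-approved entries."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        entry = parse_entry(line)
        try:
            fp = fingerprint(entry[1]) if entry else "unparsable"
        except ValueError:  # binascii.Error is a ValueError subclass
            fp = "bad-base64"
        if fp not in approved:
            findings.append((no, fp, entry[2] if entry else line.strip()[:40]))
    return findings

def sample_blob(seed):
    """Constructed placeholder blob (not a real SSH public key)."""
    return base64.b64encode(seed).decode()

# Constructed sample file: two approved entries, two unexpected ones.
SAMPLE = "\n".join([
    "# constructed sample authorized_keys",
    f"ssh-ed25519 {sample_blob(b'admin-laptop')} alice@laptop",
    f'command="/usr/bin/backup run",no-pty ssh-rsa {sample_blob(b"backup-job")} backup@ci',
    f"ssh-rsa {sample_blob(b'unexpected-1')}",
    f"ssh-rsa {sample_blob(b'unexpected-2')} sample@example.invalid",
])
APPROVED = {fingerprint(sample_blob(b)) for b in (b"admin-laptop", b"backup-job")}
```

On a real host, build the approved set from `ssh-keygen -lf` output for keys you issued and run `audit()` over every account's "authorized_keys" file, not only the account that installed the package.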


The disclosure comes as Socket detailed another malicious package named @nadrabdi/Merchant-Dvcash, which is designed to launch a reverse shell to a remote server while masquerading as Volet (previously ADVCash).

“Package @nadarabdi/Merchant-Advcash contains a tough logic that opens the return shell to a remote server after calling for success in payment,” the company noted. “It is disguised as useful for sellers to get, confirm and manage cryptocurrency or fiat payments.”

“Unlike many malicious packages that perform the code during the installation or import, this useful load is delayed, in particular, after a successful transaction. This approach can help to avoid detection because the harmful code works only under certain conditions of execution.”
