Newly Found npm Malware Mines Cryptocurrency on Windows, Linux, macOS Devices
1 min read
Oct 21, 2021
Multiple malicious packages have been identified on the npm registry this month. These packages disguise themselves as legitimate JavaScript libraries, but have been caught launching cryptominers on Linux, Windows and MacOS machines.
The malicious packages are:
- okhsa
- klow
- klown
“klow, klown” have been tracked under Sonatype-2021-1472. Whereas, “okhsa” has been cataloged under Sonatype-2021-1473.
Different versions of the “okhsa” package largely contain skeleton code that launches the Calculator app on Windows machines pre-installation. But additionally, these versions contain either the “klow” or the “klown” npm package as a dependency—which is malicious.
The link for this article located at Security Boulevard is no longer available.
Related Articles
1 - 0 min read
White House Warns: Move to Memory-Safe Languages
1 - 0 min read
Analyzing AcidPour: A New and Evolving Linux Malware Threat
