Decrypt LOL


Malicious Code Found in npm Package @0xengine/xmlrpc


A malicious npm package exploits the software supply chain. Researchers from Checkmarx have uncovered a year-long software supply chain attack involving the npm package @0xengine/xmlrpc, which initially appeared to be a benign library before malicious code was added. That code, introduced in version 1.3.4, is designed to steal sensitive data and mine cryptocurrency on infected systems. The malware collects information such as SSH keys and environment variables and exfiltrates it via services like Dropbox. The attack reaches victims both through direct npm installations and through hidden dependencies in legitimate repositories, highlighting the need for ongoing vigilance in software supply chain security. Separately, Datadog Security Labs reported a related campaign targeting Windows users with counterfeit packages on npm and PyPI, further underlining the risks developers face from malicious actors.