Tag: malware

Jan 16, 2025 · SafeDep Team
Malicious npm Packages using Burp Collaborator for Dependency Confusion Attack
Multiple npm packages impersonating popular package names were published to the npm registry including by a Snyk researcher apparently targeting internal packages at Cursor AI.
- npm
- malware
Dec 11, 2024 · SafeDep Team
npm - The Playground for Malicious Packages
Multiple npm packages impersonating popular package names are being used to distribute malware. We take a closer look at the campaign.
- npm
- malware
Nov 4, 2024 · SafeDep Team
Malicious Open Source Library Analysis: llm-oracle and its Payload
Malware hidden in open source library packages are real. In this article, we analyse the malicious npm package llm-oracle.