Research
Security News
Kill Switch Hidden in npm Packages Typosquatting Chalk and Chokidar
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
Socket Research Team
January 16, 2025
[Research | Security News] Socket researchers have discovered multiple malicious npm packages targeting Solana private keys, abusing Gmail to exfiltrate the data and drain Solana wallets.
[Security News | Research] Socket researchers uncover how threat actors weaponize Out-of-Band Application Security Testing (OAST) techniques across the npm, PyPI, and RubyGems ecosystems to exfiltrate sensitive data.
[Security News | Research] A malicious npm campaign is targeting Ethereum developers by impersonating Hardhat plugins and the Nomic Foundation, stealing sensitive data like private keys.
[Research | Security News] Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Ethereum smart contracts.
[Security News | Research] A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
[Research | Security News] Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.
[Security News | Research] The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
[Research | Security News] Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
[Security News | Research] Socket researchers found a malicious Maven package impersonating the legitimate 'XZ for Java' library, introducing a backdoor for remote code execution.
[Research | Security News] A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
[Security News | Research] Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
[Research | Security News] Socket's threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
[Research | Security News] A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
[Security News | Research] A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.
[Security News | Research] Socket's threat research team has detected five malicious npm packages targeting Roblox developers, deploying malware to steal credentials and personal data.
[Security News | Research] The Socket Research Team uncovered a malicious Python package typosquatting the popular 'fabric' SSH library, silently exfiltrating AWS credentials from unsuspecting developers.
[Security News | Research] An advanced npm supply chain attack is leveraging Ethereum smart contracts for decentralized, persistent malware control, evading traditional defenses.
[Security News | Research] Attackers are impersonating Sindre Sorhus on npm with a fake 'chalk-node' package containing a malicious backdoor to compromise developers' projects.
[Research | Security News] Socket is tracking a new trend where malicious actors are now exploiting the popularity of LLM research to spread malware through seemingly useful open source packages.
[Security News | Research] Noxia, a new dark web bulletproof host, offers dirt cheap servers for Python, Node.js, Go, and Rust, enabling cybercriminals to distribute malware and execute supply chain attacks.
[Research | Security News] Socket researchers have uncovered 3.7 million fake GitHub stars, highlighting a growing threat linked to scams, fraud, and malware, with these campaigns rapidly increasing over the last six months.
[Security News | Research] The Socket Research team breaks down an obfuscated script designed to facilitate unauthorized file uploads to multiple external services.
[Research | Security News] Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
[Security News | Research] The Socket Research Team has identified a malicious Python package typosquatting the popular crytic-compile utility, which is frequently used in toolkits and development environments for smart contracts and crypto applications.
[Research] The Socket research team breaks down a sampling of malicious packages that download and execute files, among other suspicious behaviors, targeting the popular Discord platform.
[Research | Security News] The Socket Research team found that this npm package includes code for collecting sensitive developer information, including the operating system username, Git username, and Git email.
[Research] The "hardhat-gas-optimizer" npm package was found to exfiltrate sensitive data to Pastebin, targeting Ethereum developers using Hardhat tools in their development environment.
[Research | Security News] Socket discovered two malicious Python packages, enchantv and vibrant, imitating popular packages and targeting victims via a base64 encoded payload in their setup files.
[Research | Security News] A malicious npm package is targeting Roblox's massive user base to steal sensitive data, with potential impacts for both players and developers on the popular gaming platform.
[Research] From unprecedented expansion to security challenges: a comprehensive look at npm's dynamic year 2024.
[Research | Security News] Socket's research team detected and analyzed a new Python package that distributes Blank Grabber malware for stealing data from applications like Discord and Telegram.
[Research] A recently uncovered Python script highlights a spam campaign tactic where malicious actors automate the publishing of spam packages to the npm package registry.
[Research] Socket AI detected a malicious package on PyPI with an abnormally high potential impact; Socket security researchers investigated it and confirmed malicious behavior.
[Research] Digging into the Skeleton Squad's recent expansion from PyPI to the npm ecosystem.
[Research] Socket AI detected threats in package ecosystems, including counterfeit Roblox and Discord packages. Malware hidden in DNS records and selective data attacks were also spotted, showcasing Socket Security's robust defense capabilities.
[Research] The Lazarus Group launched a sophisticated social engineering campaign targeting developers in the cryptocurrency and cybersecurity sectors, using compromised accounts and malware-laden npm packages.
[Research] Socket had been protecting organizations from "manifest confusion" attacks for 9 months before the technique was publicly disclosed.
[Research] The npm public registry is drowning in a tsunami of spam and phishing, and it's all thanks to everyone's favorite gun-toting antihero, John Wick.
[Research | Engineering] Proposing a more usable RegExp for JS in light of async I/O and streaming.
[Research | Engineering] We have been using GPT at Socket to help triage the npm package firehose for a couple of months now. Here is what it is like after actual experience.
[Research] A package published an anomalous 11,460 versions in 4 months; Socket Security had to figure out whether it was something to be concerned about.
[Research] Circumventing Chinese censorship: a plethora of eBooks pervade these GitHub and npm repositories, containing contents of banned websites like 'The Economist'.
[Research] npm package 'state-counter' mimics StatCounter but instead pops open a very NSFW website.
[Research] Yet another attack vector that allows malicious packages to pwn you.