Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
This package depends on openvpn
and net-tools
sudo apt install openvpn net-tools
npm install vpn-fetch
I created this package out of necessity, and as I haven’t found anything similar in my research I decided to publish it to help anyone out there who are in the same rabbit role that I went trying to achieve the functionality. It is heavily based on this blog post found in this question. To make the network requests it uses the got package, as it supports the localAddress
option.
When executed, it will ask for the root password, it is asked because the openvpn client needs to be run as sudo.
The VPNFetch
constructor takes the VPN config file, and a txt file with the VPN server username and password sepparated by a newline.
import { VPNFetch } from 'vpn-fetch'
import { readdir } from 'fs/promises'
(async ()=>{
const configFiles = await readdir('/etc/openvpn/ovpn_tcp')
const randomConfig1 = configFiles[Math.floor(Math.random() * configFiles.length)]
const vpnFetch1 = new VPNFetch(
'/etc/openvpn/ovpn_tcp/' + randomConfig1,
'./login_information'
)
await vpnFetch1.connect()
const randomConfig2 = configFiles[Math.floor(Math.random() * configFiles.length)]
const vpnFetch2 = new VPNFetch(
'/etc/openvpn/ovpn_tcp/' + randomConfig2,
'./login_information'
)
await vpnFetch2.connect()
const response1 = await vpnFetch1.get('https://ifconfig.me/ip')
console.log('IP 1:', response1.body)
const response2 = await vpnFetch2.get('https://ifconfig.me/ip')
console.log('IP 2:', response2.body)
})()
FAQs
Start multiple vpn servers and make network requests through them
The npm package vpn-fetch receives a total of 8 weekly downloads. As such, vpn-fetch popularity was classified as not popular.
We found that vpn-fetch demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.