blog.phylum.io/npm-emails-validator-package-malware

Preview meta tags from the blog.phylum.io website.

Linked Hostnames

11

Thumbnail

Search Engine Appearance

Google

https://blog.phylum.io/npm-emails-validator-package-malware

NPM Package Masquerading as Email Validator Contains C2 and Sophisticated Data Exfiltration

On the morning of August 24, Phylum's automated risk detection system identified a suspicious package published to npm called “emails-helper." A deeper investigation revealed that this package was part of an intricate attack involving Base64-encoded and encrypted binaries. The scheme fetches encryption keys from a DNS TXT record hosted on



Bing

NPM Package Masquerading as Email Validator Contains C2 and Sophisticated Data Exfiltration

https://blog.phylum.io/npm-emails-validator-package-malware

On the morning of August 24, Phylum's automated risk detection system identified a suspicious package published to npm called “emails-helper." A deeper investigation revealed that this package was part of an intricate attack involving Base64-encoded and encrypted binaries. The scheme fetches encryption keys from a DNS TXT record hosted on



DuckDuckGo

https://blog.phylum.io/npm-emails-validator-package-malware

NPM Package Masquerading as Email Validator Contains C2 and Sophisticated Data Exfiltration

On the morning of August 24, Phylum's automated risk detection system identified a suspicious package published to npm called “emails-helper." A deeper investigation revealed that this package was part of an intricate attack involving Base64-encoded and encrypted binaries. The scheme fetches encryption keys from a DNS TXT record hosted on

  • General Meta Tags

    9
    • title
      NPM Package Masquerading as Email Validator Contains C2 and Sophisticated Data Exfiltration
    • charset
      utf-8
    • viewport
      width=device-width, initial-scale=1
    • referrer
      no-referrer-when-downgrade
    • article:published_time
      2023-08-25T18:01:00.000Z
  • Open Graph Meta Tags

    8
    • og:site_name
      Phylum Research | Software Supply Chain Security
    • og:type
      article
    • og:title
      NPM Package Masquerading as Email Validator Contains C2 and Sophisticated Data Exfiltration
    • og:description
      On the morning of August 24, Phylum's automated risk detection system identified a suspicious package published to npm called “emails-helper." A deeper investigation revealed that this package was part of an intricate attack involving Base64-encoded and encrypted binaries. The scheme fetches encryption keys from a DNS TXT record hosted on
    • og:url
      https://blog.phylum.io/npm-emails-validator-package-malware/
  • Twitter Meta Tags

    11
    • twitter:card
      summary_large_image
    • twitter:title
      Sophisticated NPM malware hiding in email validator
    • twitter:description
      Encrypted binaries, DNS exfiltration, and sophisticated attack chains hidden among a benign email validation tool.
    • twitter:url
      https://blog.phylum.io/npm-emails-validator-package-malware/
    • twitter:image
      https://blog.phylum.io/content/images/size/w1200/2023/08/image--9-.png
  • Link Tags

    12
    • alternate
      https://blog.phylum.io/rss/
    • canonical
      https://blog.phylum.io/npm-emails-validator-package-malware/
    • icon
      https://blog.phylum.io/content/images/size/w256h256/2023/03/phylum-logo.png
    • preconnect
      https://fonts.googleapis.com
    • preconnect
      https://fonts.gstatic.com

Links

18