Phylum (Page 4)

Fake Developer Jobs Laced With Malware

Research

Phylum continues to discover malware polluting open-source ecosystems. In this blog post, we take a deep-dive into an npm package trying to masquerade as code profiler which actually installs several malicious scripts including a cryptocurrency and

Phylum Research Team Feb 20, 2024 12 min read

Subscribe to our research

Keep up with the latest software supply chain attacks

Q4 2023 Evolution of Software Supply Chain Security Report

Phylum is the front-runner in software supply chain attack identification and protection. Across the current digital landscape - where open source is used in 97%...

Phylum Research Team Jan 22, 2024 8 min read

npm Package Found Delivering Sophisticated RAT

⚠️This appears to be an ongoing campaign. Since publication, additional packages have been released tied to this threat actor. See the IOCs below. On January...

Phylum Research Team Jan 19, 2024 6 min read

Update to November’s Crypto-Themed npm Attack

Back in November, we published a write-up about a collection of npm packages involved in a complex attack chain. These packages, once installed, would download...

Phylum Research Team Jan 5, 2024 7 min read

Ledger npm Repo Breached in Spear Phishing Attack

Background Today’s security breach at Ledger, a leader in cryptocurrency hardware wallets, has raised significant alarms in the digital assets community. The breach was...

Phylum Research Team Dec 14, 2023 2 min read