Phylum

Fake AWS Packages Ship Command and Control Malware In JPEG Files

Research

On July 13, 2024, the Phylum platform alerted us to a series of odd packages published to the npm package registry. At first glance, these packages appear entirely legitimate; however, as our system automatically noted, they

Phylum Research Team Jul 14, 2024 5 min read

Subscribe to our research

Keep up with the latest software supply chain attacks

New Tactics from a Familiar Threat

For over a year, Phylum has been exposing North Korean threat actors attacking software developers in the open-source supply chain. This blog post highlights evolving...

Phylum Research Team Jul 8, 2024 9 min read

Persistent npm Campaign Shipping Trojanized jQuery

Since May 26, 2024, Phylum has been monitoring a persistent supply chain attacker involving a trojanized version of jQuery. We initially discovered the malicious variant...

Phylum Research Team Jul 3, 2024 8 min read

A Note About Polyfill

Background On June 25, 2024, Sansec issued an alert to developers regarding a serious supply-chain security incident. The CDN on the polyfill[.]io domain was...

Phylum Research Team Jun 27, 2024 32 min read

npm Package Caught Stealing Crypto Browser Extension Data

On May 30, 2024 Phylum’s automated risk detection platform alerted us to a suspicious publication on npm. The package in question is called react-zutils...

Phylum Research Team Jun 5, 2024 8 min read