Developer Alert: NPM Packages for Node.js Hiding Dangerous TurkoRat Malware
May 19, 2023
DevOpsSec / Supply Chain
Two malicious packages discovered in the npm package repository have been found to conceal an open source information stealer malware called TurkoRat . The packages – named nodejs-encrypt-agent and nodejs-cookie-proxy-agent – were collectively downloaded approximately 1,200 times and were available for more than two months before they were identified and taken down. ReversingLabs, which broke down the details of the campaign, described TurkoRat as an information stealer capable of harvesting sensitive information such as login credentials, website cookies, and data from cryptocurrency wallets. While nodejs-encrypt-agent came fitted with the malware inside, nodejs-cookie-proxy-agent was found to disguise the trojan as a dependency under the name axios-proxy. nodejs-encrypt-agent was also engineered to masquerade as another legitimate npm module known as agent-base , which has been downloaded over 25 million times to date. The list of the rogue packages and their a...