Constant Onslaught of Malicious NPM Packages Bundled With njRAT Malware

According to a Sonatype report, there has been a 430% increase in malicious code injection within open-source software (OSS) projects. Recently, cybercriminals have been seen using two malicious packages, jdb.js and db-json.js, to deliver the njRAT (aka Bladabindi) malware.

What’s new?


Sonatype’s security researcher Ax Sharma has found two malicious packages containing a malicious script that is executed after web developers import and install either of the two libraries.
Both packages described themselves as tools to help developers work with JSON files typically generated by database applications.
The jdb.js package attempts to mimic the legitimate NodeJS-based database library, jdb, and the db-json.js package carries an identical name to the genuine db-json library.
Furthermore, the post-install script of jdb.js attempts to download and run a file named patch.exe, which in turn installs njRAT.
Researchers have observed more than 100 downloads of these packages from the NPM package registry.
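
The install-time hook and look-alike naming described above can both be checked from a package's manifest before the dependency is trusted. The following is an added example, not code from Sonatype or npm; the trusted-name list, the sample manifests and the function names are assumptions constructed for illustration.

```javascript
// npm runs these lifecycle scripts automatically during `npm install`.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];

// Assumption: the package names this project actually intends to depend on.
const TRUSTED = ["jdb", "db-json", "express"];

// Reduce a name to a comparison key: lowercase, drop a trailing
// ".js" / "-js" / "js" decoration, then drop separators.
function nameKey(name) {
  return name.toLowerCase().replace(/[._-]?js$/, "").replace(/[._-]/g, "");
}

// Return the trusted package that `name` imitates, or null.
function shadows(name, trusted = TRUSTED) {
  if (trusted.includes(name)) return null; // exact match is the real package
  const key = nameKey(name);
  return trusted.find((t) => nameKey(t) === key) || null;
}

// Collect findings for one manifest (a parsed package.json object).
function auditManifest(manifest, trusted = TRUSTED) {
  const scripts = manifest.scripts || {};
  const hooks = INSTALL_HOOKS.filter((h) => typeof scripts[h] === "string")
    .map((h) => ({ hook: h, command: scripts[h] }));
  const imitates = shadows(manifest.name || "", trusted);
  return { name: manifest.name, hooks, imitates,
           review: hooks.length > 0 || imitates !== null };
}

// Constructed sample manifests (not the real packages' contents).
const SAMPLES = [
  { name: "jdb.js", version: "1.0.0", scripts: { postinstall: "node setup.js" } },
  { name: "db-json.js", version: "1.0.0", scripts: { test: "echo ok" } },
  { name: "express", version: "4.0.0", scripts: { test: "mocha" } },
];

// Manifests that need a human look before installation.
function auditAll(manifests = SAMPLES) {
  return manifests.map((m) => auditManifest(m)).filter((r) => r.review);
}

for (const r of auditAll()) {
  const hooks = r.hooks.map((h) => `${h.hook}: ${h.command}`).join("; ") || "none";
  console.log(`${r.name}: imitates=${r.imitates || "-"} install hooks=${hooks}`);
}
```

In practice, feed `auditManifest` the parsed package.json of each candidate dependency before installing it; running `npm install --ignore-scripts` keeps the hooks from executing while the review is pending.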

Recent NPM malware components


Several malware components, such as discord.dll, discord.app, wsbd.js and ac-addon, have already been discovered and have made headlines.


The most recent CursedGrabber campaign was associated with xpc.js malware that was stealing Discord tokens and sensitive user data by targeting Windows hosts.
Earlier, researchers had found two NPM packages, discord.dll and twilio-npm, executing nearly the same tasks with slight differences: stealing sensitive files from the Discord application and browsers.

Wrapping up


The npm team has published a