Socket (@SocketSecurity) “🚨 Socket detected malicious activity in newly published versions of node-ipc, a” — TopicDigg
Socket
@SocketSecurity
Socket is the #1# software supply chain security platform. Next-gen SCA + SBOM + 0-day prevention. LOVED BY DEVELOPERS. 👀 @npm_malware
加入 November 2021
4.6K 正在关注 17.1K 粉丝
🚨 Socket detected malicious activity in newly published versions of node-ipc, an npm package with 822K weekly downloads.
Affected versions:
node-ipc@9.1.6
node-ipc@9.2.3
node-ipc@12.0.1
Socket’s AI scanner flagged the malware within ~3 minutes of publication.
Early analysis shows obfuscated stealer/backdoor behavior, including host fingerprinting, local file enumeration, payload wrapping, and attempted exfiltration.
显示更多
