Posted by - November 20, 2020

The world’s largest software registry, NPM, removed three packages from its site on Thursday after discovering that they contained malicious code. Each of the packages was a ‘library’ for the coding language JavaScript. A library is a collection of resources often used for software development. Because libraries can contain so many different types of data, they are a perfect place to hide malware. These packages remained on the site for over a year before NPM, the hosting site, removed them.

So what makes this code so dangerous? When downloaded, the packages create a ‘shell’ on the user’s computer. This ‘shell’ allows bad actors to connect remotely to the user’s device. This means that the bad actors have complete access to the information stored on the computer. They could even download more malware to the device so that removing the package does not remove their access. For this reason, NPM stated that any computer with these packages installed should be considered ‘fully compromised’.

If you downloaded these packages on your devices, you are at risk. You should take some steps to secure your information:

  • Think about wiping your computer.
  • Rotate any sensitive information from a different computer.
  • Remove the package from your computer.
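
For developers who want to check whether a project pulled in one of the removed packages, here is an added example (not code from NPM or from this post) that scans a parsed `package-lock.json` for flagged package names, including ones installed only as dependencies of other packages. The names in `FLAGGED` are placeholders because this post does not list the removed packages, and the sample lockfiles are constructed.

```javascript
// Added example: find flagged packages in a parsed package-lock.json object.
// FLAGGED holds placeholder names; replace them with the names from the advisory.
const FLAGGED = new Set(['example-flagged-pkg-a', 'example-flagged-pkg-b']);

// Lockfile v2/v3: keys of "packages" are paths such as
// "node_modules/a/node_modules/b". The package name is the part after the
// last "node_modules/" (this keeps scoped names such as "@scope/name" whole).
function nameFromPath(path) {
  const marker = 'node_modules/';
  const i = path.lastIndexOf(marker);
  return i === -1 ? null : path.slice(i + marker.length);
}

// Lockfile v1: "dependencies" is a tree keyed by package name.
function walkV1(deps, trail, hits) {
  for (const [name, info] of Object.entries(deps || {})) {
    const here = trail.concat(name);
    if (FLAGGED.has(name)) hits.push({ name, version: info.version, via: here.join(' > ') });
    walkV1(info.dependencies, here, hits);
  }
}

// Returns one record per flagged package, with the path that pulled it in.
function findFlagged(lock) {
  const hits = [];
  if (lock.packages) {
    for (const [path, info] of Object.entries(lock.packages)) {
      const name = nameFromPath(path);
      if (name && FLAGGED.has(name)) hits.push({ name, version: info.version, via: path });
    }
  } else {
    walkV1(lock.dependencies, [], hits);
  }
  return hits;
}

// Constructed sample lockfiles (not real data).
const sampleV3 = { lockfileVersion: 3, packages: {
  '': { name: 'my-app', version: '1.0.0' },
  'node_modules/some-lib': { version: '1.3.0' },
  'node_modules/some-lib/node_modules/example-flagged-pkg-a': { version: '0.0.2' },
} };
const sampleV1 = { lockfileVersion: 1, dependencies: {
  'tool': { version: '2.0.0', dependencies: {
    'example-flagged-pkg-b': { version: '1.0.1' } } },
} };

console.log(findFlagged(sampleV3), findFlagged(sampleV1));
```

To check a real project, pass in `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))`. A match means the steps above apply to that computer; an empty result only covers the project whose lockfile was scanned.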

Finally, this is a situation where you should consider seeking outside help.  If you want to keep the compromised device, an outside IT firm is a great resource to make sure that your information is secure.  Contact us here if you think that this may have affected your computer. You can also call us at (703) 790-0400.
