MacMusic  |  PcMusic  |  440 Software  |  440 Forums  |  440TV  |  Zicos
npm
Search

Invisible npm malware pulls a disappearing act – then nicks your tokens

Thursday October 30, 2025. 03:19 PM , from TheRegister
PhantomRaven slipped over a hundred credential-stealing packages into npm
A new supply chain attack dubbed PhantomRaven has flooded the npm registry with malicious packages that steal credentials, tokens, and secrets during installation. The packages appear safe when first downloaded, making them particularly difficult for security apps to identify.…
Read more at TheRegister
https://go.theregister.com/feed/www.theregister.com/2025/10/30/phantomraven_npm_malware/

Related News

npm Apple Pulls China’s Top Gay Dating Apps After Government Order Wired: Tech.Nov 10
packages Cybercrims plant destructive time bomb malware in industrial .NET extensions TheRegisterNov 7
tokens Gootloader malware back for the attack, serves up ransomware TheRegisterNov 6
pulls Malware-pwned laptop gifts cybercriminals Nikkei's Slack TheRegisterNov 6
malware Attackers abuse Gemini AI to develop ‘Thinking Robot’ malware and data processing agent for spying purposes TheRegisterNov 5
invisible Russian spies pack custom malware into hidden VMs on Windows machines TheRegisterNov 4
nicks Win10 still clings to over 40% of devices weeks after Microsoft pulls support TheRegisterNov 4
phantomraven OpenAI API moonlights as malware HQ in Microsoft’s latest discovery TheRegisterNov 4
act The Curious Case of the Bizarre, Disappearing Captcha SlashdotNov 3
disappearing The Curious Case of the Bizarre, Disappearing Captcha Wired: Tech.Nov 3
then Attackers targeting unpatched Cisco kit notice malware implant removal, install it again TheRegisterNov 3
npm YouTube's AI Moderator Pulls Windows 11 Workaround Videos, Calls Them Dangerous SlashdotOct 31
packages YouTube's AI moderator pulls Windows 11 workaround videos, calls them dangerous TheRegisterOct 31
tokens Android malware types like your gran to steal banking creds TheRegisterOct 28
pulls IObit releases Malware Fighter 13 with pre-boot scanning and behavior-based detection BetaNewsOct 27
malware Hackers Used Thousands of YouTube Videos To Spread Malware SlashdotOct 24
invisible Browser Promising Privacy Protection Contains Malware-Like Features, Routes Traffic Through China SlashdotOct 24
nicks AI-powered malware surges as cybercriminals exploit automation and geopolitical tensions BetaNewsOct 24
phantomraven Google nukes 3,000 YouTube videos that sowed malware disguised as cracked software TheRegisterOct 23
act SpaceX pulls plug on 2,500 Starlink terminals tied to Myanmar fraud farms TheRegisterOct 23
News copyright owned by their original publishers | Copyright © 2004 - 2025 Zicos / 440Network
Current Date
Nov, Sun 23 - 22:47 CET