Vidar Infostealer Malware Hits npm Ecosystem
Cyber Security News by CyberSum.net
Datadog Security Research discovered a sophisticated supply chain attack targeting the npm ecosystem. The campaign, attributed to threat actor cluster MUT-4831, involved 17 malicious packages designed to deliver the Vidar infostealer malware to Windows systems. These packages masqueraded as legitimate software development kits and libraries, executing destructive payloads through postinstall scripts. Despite being live for approximately two weeks, the packages were downloaded at least 2,240 times before removal. The Vidar malware, a Go-compiled variant, aggressively harvests sensitive data and uses hardcoded Telegram and Steam accounts for command-and-control infrastructure. The campaign highlights the persistent vulnerability of open-source package ecosystems to supply chain exploitation.
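Since the packages above ran their payloads from postinstall scripts, one defensive check is to list every dependency that declares install-time scripts and compare it against a reviewed allowlist. The following is an added example, not code from Datadog or from the original page. It assumes a parsed package-lock.json with lockfileVersion 2 or 3, where npm marks such packages with `hasInstallScript`; the sample lockfile and all package names in it are constructed placeholders.

```javascript
// Constructed sample lockfile; every package name here is a hypothetical placeholder.
const SAMPLE_LOCK = {
  name: "demo-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/left-helper": { version: "2.1.0" },
    "node_modules/native-addon-example": { version: "4.0.2", hasInstallScript: true },
    "node_modules/example-sdk-placeholder": { version: "0.0.3", hasInstallScript: true },
    "node_modules/@scope/tool/node_modules/nested-hook": {
      version: "1.2.3", hasInstallScript: true, dev: true,
    },
  },
};

// Lockfile keys are install paths; the package name follows the last "node_modules/".
function packageNameFromPath(lockPath) {
  const marker = "node_modules/";
  const idx = lockPath.lastIndexOf(marker);
  return idx === -1 ? lockPath : lockPath.slice(idx + marker.length);
}

// Return every dependency that runs preinstall/install/postinstall scripts
// and is not on the caller's reviewed allowlist (a Set of package names).
function findInstallScriptPackages(lock, allowlist = new Set()) {
  if (!lock || typeof lock.packages !== "object" || lock.packages === null) {
    // lockfileVersion 1 has no "packages" map, so this check cannot be answered from it.
    throw new Error("expected lockfileVersion 2 or 3 with a 'packages' map");
  }
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages)) {
    if (path === "" || !entry.hasInstallScript) continue; // skip the root project
    const name = packageNameFromPath(path);
    if (allowlist.has(name)) continue;
    findings.push({ name, version: entry.version, path, dev: Boolean(entry.dev) });
  }
  return findings.sort((a, b) => a.name.localeCompare(b.name));
}

// Example run: one native addon has been reviewed and allowlisted.
const findings = findInstallScriptPackages(SAMPLE_LOCK, new Set(["native-addon-example"]));
for (const f of findings) {
  console.log(`${f.name}@${f.version} runs install scripts (${f.path})`);
}
```

Dependencies reported here that have not been reviewed can be installed with `npm ci --ignore-scripts`, which skips lifecycle scripts.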