Fake Email Validation NPM Package Contains C2 and Sophisticated Data Exfiltration

blog.phylum.io

cross-posted to:
netsec

Fake Email Validation NPM Package Contains C2 and Sophisticated Data Exfiltration

blog.phylum.io

L4sBotB to

Security Operations • 2 years ago

cross-posted to:
netsec

NPM Package Masquerading as Email Validator Contains C2 and Sophisticated Data Exfiltration

blog.phylum.io

On the morning of August 24, Phylum's automated risk detection system identified a suspicious package published to npm called “emails-helper." A deeper investigation revealed that this package was part of an intricate attack involving Base64-encoded and encrypted binaries. The scheme fetches encryption keys from a DNS TXT record hosted on

Fake Email Validation NPM Package Contains C2 and Sophisticated Data Exfiltration::On the morning of August 24, Phylum’s automated risk detection system identified a suspicious package published to npm called “emails-helper." A deeper investigation revealed that this package was part of an intricate attack involving Base64-encoded and encrypted binaries. The scheme fetches encryption keys from a DNS TXT record hosted on

You must log in or register to comment.

Chat