What does a malicious package actually look like in practice? We'll walk through some hypothetical exercises to see how malware generally works and what sort of functions we might expect, from relatively simple and temporary to complex. Additionally, as we are focused primarily on JavaScript for this post, we really need to think about two different threat models: what does in-browser malware look like, and how is that going to differ from on-host malware?

Attacker Motivations and Mentality

As we begin this thought experiment, the first thing to consider is what a potential attacker's targets and goals would be.

On-Host

The whole concept of "on-host" malware in NPM packages seems a bit unintuitive at first blush, as the immediate association is generally with browser-focused concerns, which must be safe, since they run in the browser sandbox. That assumption does not hold: an NPM package is installed, and frequently executed, on developer workstations and build servers under Node.js, where install hooks and required modules run with the user's full filesystem, network and process access and none of the browser's restrictions. There are, interestingly enough, some serious advantages from an attacker's perspective.
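The two threat models above, as an added example that is not part of the original post: the first two functions audit a set of package.json objects for the npm lifecycle hooks that run on the installing host during `npm install` (so the code executes before the application ever imports the package), and the third detects whether package code is currently running under Node or in a browser, since "browser-only" code is still loaded by bundlers, test runners and server-side renderers on the host. The package.json objects are constructed samples, not real packages; `auditInstallHooks` and `detectRuntime` are names chosen for this illustration.

```javascript
// Added example (not from the original post): where NPM package code runs, and a
// check a practitioner can apply before trusting a dependency. All package.json
// objects below are constructed samples, not real packages.

// Lifecycle hooks npm runs on the installing host during `npm install`.
// They execute with the installing user's privileges, outside any browser sandbox.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall", "prepare"];

// Return the install-time hooks a package.json declares, as [hook, command] pairs.
function installHooks(pkg) {
  const scripts = (pkg && pkg.scripts) || {};
  return INSTALL_HOOKS.filter(
    (h) => typeof scripts[h] === "string" && scripts[h].trim() !== ""
  ).map((h) => [h, scripts[h]]);
}

// Audit a collection of package.json objects (for example every
// node_modules/*/package.json) and report which packages would execute
// commands on the host at install time.
function auditInstallHooks(packages) {
  const findings = [];
  for (const pkg of packages) {
    const hooks = installHooks(pkg);
    if (hooks.length > 0) {
      findings.push({ name: pkg.name, version: pkg.version, hooks });
    }
  }
  return findings;
}

// Detect whether the current code is executing on the host (Node) or in a
// browser. Package code can branch on this and behave differently in each
// environment, which is why both threat models need to be considered.
function detectRuntime(globalObj = globalThis) {
  if (
    typeof globalObj.window !== "undefined" &&
    typeof globalObj.window.document !== "undefined"
  ) {
    return "browser";
  }
  if (
    typeof globalObj.process !== "undefined" &&
    globalObj.process.versions &&
    globalObj.process.versions.node
  ) {
    return "node";
  }
  return "unknown";
}

// Constructed sample packages for the audit (not real packages).
const SAMPLE_PACKAGES = [
  { name: "left-widget", version: "1.2.3", scripts: { build: "tsc", test: "node test.js" } },
  { name: "native-helper", version: "0.4.0", scripts: { postinstall: "node scripts/setup.js" } },
  { name: "git-dep", version: "2.0.0", scripts: { prepare: "npm run build", preinstall: "sh ./bootstrap.sh" } },
];

console.log("runtime:", detectRuntime());
console.log(JSON.stringify(auditInstallHooks(SAMPLE_PACKAGES), null, 2));
```

Run under Node, the audit flags `native-helper` and `git-dep` but not `left-widget`, and `detectRuntime()` reports `node`. Any package that appears in the findings deserves a look at the referenced script before it is allowed to run; installing with `npm install --ignore-scripts` prevents the hooks from executing at all, at the cost of breaking packages that genuinely need a build step.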