Npm Trojan Bypasses UAC, Installs AnyDesk with “Oscompatible” Package

A grave cybersecurity concern has arisen due to an intrusive npm Trojan found bypassing User Account Control (UAC) and installing AnyDesk through a maliciously coded package named “oscompatible”. This package was detected in the npm registry, notorious for deploying a sophisticated remote access Trojan onto compromised Windows machines. Published on January 9, 2024, it was downloaded 380 times before its removal. The software supply chain security firm, Phylum, found a few unusual binaries in “oscompatible,” marking it as a severe threat. The discovery underscores the perpetual vulnerability of the digital software supply chain, reinforcing the importance of stringent security measures to prevent breaches and hacks.

Published: Fri, 19 Jan 2024 13:12:00 +0530