Npm Trojan Bypasses UAC, Installs AnyDesk with “Oscompatible” Package

The npm registry has become a breeding ground for cybersecurity attackers after a malicious package named “oscompatible” was found to compromise Windows systems. Uploaded to npm on January 9, 2024, the Trojan infected 380 machines before it was eventually brought down. The npm Trojan, exploiting security vulnerabilities to bypass User Access Control (UAC), was equipped with the capacity to install AnyDesk on the infiltrated machines. Security firm Phylum, upon assessing the damage, mentioned having found “a few strange binaries” in the package, pointing to sophisticated attempt to breach.

Published: Fri, 19 Jan 2024 13:12:00 +0530