Npm Trojan Bypasses UAC, Installs AnyDesk with “Oscompatible” Package

The npm registry recently confronted a serious security breach with the discovery of a rogue package named “oscompatible”. Uploaded on January 9, 2024, the malicious package sidestepped User Account Control (UAC) to deploy a sophisticated remote access trojan on compromised Windows machines. Notably, this package carried the functionality to install AnyDesk, effectively facilitating unauthorized access to the infected machine. Software supply chain security firm, Phylum, reported multiple ‘unusual binaries’ present within the “oscompatible” package. Although promptly taken down, the package managed to tally up to 380 downloads, thereby indicating a potential risk to the same number of machines or networks.

Published: Fri, 19 Jan 2024 13:12:00 +0530