Npm Trojan Bypasses UAC, Installs AnyDesk with “Oscompatible” Package

Security professionals discovered a sophisticated remote access Trojan lurking within a malicious package uploaded to the npm registry. The package, dubbed “oscompatible,” bypassed User Account Controls (UAC) on Windows machines to install AnyDesk, a remote desktop software often used for remote administration. Published on January 9, 2024, the package saw 380 downloads before its removal. In a suspicious twist, the pack contained “a few strange binaries” as per software supply chain security firm, Phylum. The incident serves as a stark reminder of the persistent vulnerabilities within open-source repositories and the potential threats they pose to unsuspecting users and companies who rely on seemingly trustworthy applications.

Published: Fri, 19 Jan 2024 13:12:00 +0530