Npm Trojan Bypasses UAC, Installs AnyDesk with “Oscompatible” Package

In a recent security incident, npm, a package manager for the Node JavaScript platform, became the distribution medium for a stealthy Trojan. A malicious package called “oscompatible” bypassed User Account Control (UAC) on Windows systems to stealthily install the AnyDesk Remote Desktop Software. It marked a worrying development in software supply chain tactics. Gaining traction from its publication on January 9, 2024, the package attracted a total of 380 downloads before it was removed by npm. According to software supply chain security firm Phylum, the “oscompatible” package included several unusual binaries, exploiting the existing vulnerabilities on npm’s platform for malicious purposes.

Published: Fri, 19 Jan 2024 13:12:00 +0530