Npm Trojan Bypasses UAC, Installs AnyDesk with “Oscompatible” Package

A sophisticated Trojan, engineered to bypass User Account Control (UAC) and install the AnyDesk remote desktop software, has exploited a vulnerability in Node package manager (npm). The malicious package, christened as “oscompatible,” was uploaded onto the npm registry on January 9, 2024 and was subsequently downloaded 380 times before removal.

Software supply chain security firm Phylum identified the threat, uncovering “strange binaries” within the package, which allowed remote access to compromised Windows systems. This incident highlights the substantial risks faced by npm, a critical component of the JavaScript ecosystem, underscoring the need for robust software supply chain security measures.

Published: Fri, 19 Jan 2024 13:12:00 +0530