Apr 05, 2026 • The Hacker News
36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants
Executive Summary
Researchers discovered 36 malicious npm packages masquerading as Strapi CMS plugins in the official npm registry. These packages target Redis and PostgreSQL databases to deploy reverse shells, harvest credentials, and establish persistent implants on compromised systems. Each malicious package contains three files (package.json, index.js, postinstall.js) and appears to have no description or repository information, both common indicators of malicious packages. The attack abuses the software supply chain by publishing look-alike plugins to a trusted package registry, potentially affecting developers who unknowingly install them. Organizations should audit their npm dependencies, implement package integrity verification, and monitor for unauthorized database access or suspicious outbound connections from development environments.
Summary
Cybersecurity researchers have discovered 36 malicious packages in the npm registry that are disguised as Strapi CMS plugins but come with different payloads to facilitate Redis and PostgreSQL exploitation, deploy reverse shells, harvest credentials, and drop a persistent implant. "Every package contains three files (package.json, index.js, postinstall.js), has no description, repository,