Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

Malicious npm Packages Contain TurkoRat

May 22, 2023
Reading Time: 1 min read
in Alerts
Malicious npm Packages Contain TurkoRat

 

Two malicious packages, nodejs-encrypt-agent and nodejs-cookie-proxy-agent, were discovered in the npm package repository containing the TurkoRat open-source info-stealer.

TurkoRat is a sophisticated information-stealing malware that targets various sensitive data, employs anti-detection measures, and can evade analysis. The packages were downloaded approximately 1,200 times before being detected, with the nodejs-encrypt-agent being disguised as a legitimate package named agent-base in the npm page but having a different name in the readme.md file.

The discovery of these packages highlights the risks of supply chain attacks and social engineering tactics used to deceive developers into unwittingly downloading malicious packages.

The attackers behind TurkoRat provide instructions for the use of the malware while claiming no responsibility for any resulting damages. After the disclosure, both packages were promptly removed from the npm repository.

While the impact of these specific packages was limited, with nodejs-encrypt-agent downloaded about 500 times and nodejs-cookie-proxy-agent downloaded fewer than 700 times, they likely led to the execution of TurkoRat on numerous developer machines. Assessing the long-term consequences of these compromises remains challenging.

Organizations are advised to scrutinize the packages used by their development teams, paying attention to irregularities such as typos or unusual version numbers, in order to mitigate supply chain risks and protect against similar attacks in the future.

Reference:
  • RATs found hiding in the npm attic
Tags: Cyber AlertCyber Alerts 2023CyberattackInfostealersMay 2023npmRATturkorat
ADVERTISEMENT

Related Posts

Fake PyPI Login Site Steals Credentials

Fake PyPI Login Site Steals Credentials

September 26, 2025
Fake PyPI Login Site Steals Credentials

Google Warns of BRICKSTORM Malware

September 26, 2025
Fake PyPI Login Site Steals Credentials

Hidden WordPress Backdoors Create Admins

September 26, 2025
BadIIS Malware Spreads Via SEO Poisoning

Hackers Target AWS and Steal Credentials

September 24, 2025
BadIIS Malware Spreads Via SEO Poisoning

SonicWall SMA100 Update Removes Rootkit

September 24, 2025
BadIIS Malware Spreads Via SEO Poisoning

BadIIS Malware Spreads Via SEO Poisoning

September 24, 2025

Latest Alerts

Fake PyPI Login Site Steals Credentials

Google Warns of BRICKSTORM Malware

Hidden WordPress Backdoors Create Admins

Hackers Target AWS and Steal Credentials

SonicWall SMA100 Update Removes Rootkit

BadIIS Malware Spreads Via SEO Poisoning

Subscribe to our newsletter

    Latest Incidents

    Indian Bank Transfer Records Exposed

    Chinese Cyberspies Hit US Defense Firms

    Neon App Shuts Down After Data Leak

    Boyd Gaming Reports Data Breach After Attack

    Morrisroe UK Company Hit By Cyber Attack

    GeoServer Flaw Breaches US Agency Network

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial