#packagesecurity — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #packagesecurity, aggregated by home.social.
-
Introducing wormbox!
Transparent sandbox + pre-install audit for the macOS Node.js toolchain (npm, pnpm, yarn, bun). Every install runs under sandbox-exec; the audit reads tarballs first and flags the shapes seen in chalk, debug, Shai-Hulud: window.ethereum proxies, atob+eval lifecycle scripts, decoded payloads fed to Function(). AWS_*/GH_TOKEN never reach postinstall.
-
Introducing wormbox!
Transparent sandbox + pre-install audit for the macOS Node.js toolchain (npm, pnpm, yarn, bun). Every install runs under sandbox-exec; the audit reads tarballs first and flags the shapes seen in chalk, debug, Shai-Hulud: window.ethereum proxies, atob+eval lifecycle scripts, decoded payloads fed to Function(). AWS_*/GH_TOKEN never reach postinstall.
-
The “Graphalgo” campaign represents a modular software supply-chain intrusion targeting developers directly.
Per ReversingLabs findings:
• 192 malicious npm/PyPI packages
• Delayed payload activation (post-version change)
• GitHub repos clean — malicious logic introduced via dependency chain
• RAT variants in JS, Python, VBS
• MetaMask wallet targeting
• Token-protected C2 channels
• GMT+9 commit indicatorsAttribution aligns with historical tradecraft associated with Lazarus Group:
Crypto-focused targeting
Recruitment vector infection
Patience-based staged activationThis is a direct developer-layer attack bypassing enterprise perimeter defenses.
Are dependency registries the new primary attack surface?
Engage below.Follow @technadu for advanced threat analysis.
#ThreatIntel #SupplyChainSecurity #MalwareAnalysis #RAT #OpenSourceSecurity #DevSecOps #LazarusGroup #PackageSecurity #AppSec #BlueTeam #CyberThreats #IoC #Infosec