Join us

Here’s how carefully concealed backdoor in fake AWS files escaped mainstream notice

@faun ・ Jul 28,2024

Researchers identified two fake AWS packages in the NPM JavaScript repository that backdoored developers' computers by hiding malicious code in JPG images processed during package installation. The packages, mimicking a legitimate AWS library, downloaded hundreds of times before removal, used steganography to conceal the backdoor code. Despite the packages being flagged and removed, their availability for nearly two days highlights vulnerabilities in malware detection systems in open source software.

Let's keep in touch!

Stay updated with my latest posts and news. I share insights, updates, and exclusive content.

Unsubscribe anytime. By subscribing, you share your email with @faun and accept our Terms & Privacy.

Give a Pawfive to this post!

Only registered users can post comments. Please, login or signup.

Share with your friends and followers

Start writing about what excites you in tech — connect with developers, grow your voice, and get rewarded.

Join other developers and claim your FAUN.dev() account now!

Publish your first story!

The FAUN

FAUN.dev()

@faun

The FAUN watches over the forest of developers. It roams between Kubernetes clusters, code caves, AI trails, and cloud canopies, gathering the signals that matter and clearing out the noise.