Security researchers have uncovered 36 malicious packages in the npm registry that masquerade as Strapi CMS plugins.

Although they look harmless at a glance, these packages carry payloads built to exploit Redis and PostgreSQL databases reachable from the installing host, ultimately deploying reverse shells, harvesting credentials, and installing persistent implants.

Notably, all 36 packages share the same skeleton: exactly three files, package.json, index.js, and postinstall.js, with no description and no repository field. The postinstall.js file is the key detail. npm executes the preinstall, install, and postinstall lifecycle scripts declared in package.json automatically during `npm install`, so the payload runs the moment the dependency is fetched, before a single line of the supposed plugin is ever imported. A near-empty package that still declares an install hook, and that offers no description or source repository to inspect, is a strong signal on its own; installing with `npm install --ignore-scripts` prevents such hooks from running until the package has been reviewed.

The presence of these packages in the npm registry is a reminder that third-party components must be scrutinized before they are integrated: check that a package has a real description, a source repository, and a publisher history; read any install-time script it declares; pin dependency versions; and run installs with scripts disabled in CI unless a package is known to need them.

Given how widely Strapi is deployed, developers and security teams that have installed Strapi plugins from npm should audit their dependency trees now and treat any package fitting this profile as compromised until it has been reviewed, so that the applications and databases behind them remain intact.

Source: Original Article