National Cyber Warfare Foundation (NCWF)

Counterfeit ESLint and Node ‘types’ libraries downloaded thousands of times abuse Pastebin


2024-12-18 22:43:41
milo
Blue Team (CND)


The legitimate ESLint packages on the npmjs.com registry are called "typescript-eslint" and "@typescript-eslint/eslint-plugin." Unscrupulous actors have published a typosquat named "@typescript_eslinter/eslint" that very closely resembles the names of the real libraries but is up to no good. The counterfeit component has been downloaded thousands of times. Similarly, attackers impersonated another popular npm package, "@types/node," with its counterfeit version having scored 6,765 weekly downloads and 20,502 downloads over the course of its lifetime.
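A defender-side check for the look-alike names described above, as an added example that is not part of the original article or Sonatype's tooling: it scans a `package.json` dependency map for names that imitate an allowlisted package. The allowlist, the edit-distance threshold of 2, the minimum token length of 8, and the sample `types_node` entry and version strings are assumptions made for illustration.

```javascript
// Assumed allowlist of packages the project really depends on.
const TRUSTED = ["typescript-eslint", "@typescript-eslint/eslint-plugin", "@types/node"];

// Split "@scope/name"; unscoped packages get an empty scope.
function parse(pkg) {
  const m = /^@([^/]+)\/(.+)$/.exec(pkg);
  return m ? { scope: m[1], name: m[2] } : { scope: "", name: pkg };
}

// Lowercase and drop "@", "/", ".", "_" and "-" so separator variants compare equal.
const collapse = (s) => s.toLowerCase().replace(/[@/._-]/g, "");

// Levenshtein edit distance, keeping one row at a time.
function editDistance(a, b) {
  let row = Array.from({ length: b.length + 1 }, (_, i) => i);
  for (let i = 1; i <= a.length; i++) {
    const next = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      next[j] = Math.min(row[j] + 1, next[j - 1] + 1, row[j - 1] + cost);
    }
    row = next;
  }
  return row[b.length];
}

function findLookalikes(dependencies, trusted = TRUSTED) {
  const trustedScopes = new Set(trusted.map((t) => parse(t).scope).filter(Boolean));
  const findings = [];
  for (const dep of Object.keys(dependencies)) {
    const { scope } = parse(dep);
    // npm scopes are owned by one account or org, so a trusted scope is accepted as-is.
    if (trusted.includes(dep) || trustedScopes.has(scope)) continue;
    const candidate = collapse(scope || dep);
    for (const t of trusted) {
      // Rule 1: identical once separators and the scope marker are ignored.
      const sameCollapsed = collapse(dep) === collapse(t);
      // Rule 2: scope (or unscoped name) within 2 edits of a trusted scope or name.
      const near = [parse(t).scope, t].map(collapse).some(
        (x) => x.length >= 8 && editDistance(candidate, x) <= 2);
      if (sameCollapsed || near) { findings.push({ dep, resembles: t }); break; }
    }
  }
  return findings;
}

// Constructed "dependencies" block; only the second and third entries should be flagged.
const sampleDeps = { "@typescript-eslint/parser": "^8.0.0",
  "@typescript_eslinter/eslint": "^1.0.0", "types_node": "^1.0.0", "eslint": "^9.0.0" };
console.log(findLookalikes(sampleDeps));
```

Run in CI against the merged dependency lists of `package.json` and the lockfile, a finding is a prompt for manual review of the package's publisher rather than proof of malice.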


Sonatype's 2024 Open Source Malware report highlights that 98.5% of all open source malware discovered by us was published in the npmjs.com registry, which remains a prominent choice among threat actors looking to push their malicious artifacts downstream to millions.


The post Counterfeit ESLint and Node ‘types’ libraries downloaded thousands of times abuse Pastebin appeared first on Security Boulevard.



Ax Sharma

Source: Security Boulevard
Source Link: https://securityboulevard.com/2024/12/counterfeit-eslint-and-node-types-libraries-downloaded-thousands-of-times-abuse-pastebin/





Copyright 2012 through 2025 - National Cyber Warfare Foundation - All rights reserved worldwide.