'web-browserify' Malware Mimics a Legitimate npm Package

file encryption tool or not

Cybercriminals often exploit legitimate resources in an attempt to amplify their attacks or the reach of their operations. One recent campaign has seen the use of this exact strategy. This time, the criminals targeted an online repository used to share JavaScript code and scripts with other software developers. The service in question is the Node Package Manager (npm,) which is a part of GitHub. It is home to numerous helpful scripts and libraries that millions of developers around the world use, and one of these modules is called 'browserify.' It easily racks up tens of thousands of downloads every week, and it is perfectly legitimate – however, the criminals uploaded a fake copy of it called 'web-browserify.' Developers who accidentally downloaded the knock-off version may have unknowingly introduced the so-called 'web-browserify' Malware to their device. It is important to add that this malware affects Mac and Linux systems exclusively, and it is no longer hosted on the npm platform.

'web-browserify' Malware Evades Virtual Environments, and Performs an Odd Destructive Maneuver

The 'web-browserify' Malware has some basic checks to try and avoid virtual environments, which could be used for malware analysis. The full scope of its functionality and goals is not yet clear, and cybersecurity experts note that it tends to exhibit some strange behavior. So far, 'web-browserify' Malware appears to function like a low-quality information stealer, which goes after software and hardware details, device information, usernames, etc. The strange part is that it tries to wipe out the contents of the '/etc/ directory on Linux/Mac directories – it is a core part of these operating systems, and having it wiped out is likely to prevent the system from booting.

Trying to steal small bits of information while trying to break the infected system in the meantime is a strange approach, and it is likely that 'web-browserify' Malware's creators have other plans as well. However, so far, the malware has not exhibited any other behavior. While the malicious npm package is not available any longer, it is likely that the criminals behind the operation will soon explore other malware propagation channels. To keep your Linux and Mac systems safe, you should rely on reputable antivirus software.

By Ruik
April 30, 2021
Mac Malware, Malware
English
April 30, 2021
Mac Malware, Malware

Popular Posts

As Fears of the Coronavirus Pandemic Spread, So Does...

4 years ago

Microsoft Warns State-Backed Threat Actors Are Using AI in...

4 days ago

Trojan Al11 Malware Detection & Removal - An Essential...

11 months ago

Pinaview is a Fully-Featured Adware App

10 months ago

"Your iCloud is Being Hacked" and "Your iPhone has Been...

7 months ago

What is Lucky Ransomware?

7 months ago

Related Posts

Malware

TEARDROP Malware

The TEARDROP Malware is identified as a basic Trojan Dropper, which was used by the cybercriminals behind the recent supply-chain attack linked to the SolarWinds software vendor. This campaign involved the use of a... Read more

April 26, 2021
Android Malware

Cookiethief Android Malware Employs Web Cookies to Hijack Facebook Accounts

When you get yourself a new phone, perhaps you think about what protective casing you should get. Or maybe you focus on setting up the new device and transferring data from the old one right away. Once you do that,... Read more

June 8, 2020
Malware

How to Remove FoundCore Malware

FoundCore Malware is an old, but newly identified malware family, which is being used and developed by an Advanced Persistent Threat (APT) group tracked under the alias APT27 (also known as Cycldek or Goblin Panda.)... Read more

April 7, 2021
English
Loading...

Cyclonis Backup Details & Terms

The Free Basic Cyclonis Backup plan gives you 2 GB of cloud storage space with full functionality! No credit card required. Need more storage space? Purchase a larger Cyclonis Backup plan today! To learn more about our policies and pricing, see Terms of Service, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Cyclonis Password Manager Details & Terms

FREE Trial: 30-Day One-Time Offer! No credit card required for Free Trial. Full functionality for the length of the Free Trial. (Full functionality after Free Trial requires subscription purchase.) To learn more about our policies and pricing, see EULA, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Home

Products

Cyclonis Backup Cyclonis Password Manager Cyclonis World Time

Support

Help Files FAQs Downloads Inquiries & Support

Company

About Us Contact Us Report Abuse

Legal (Post Merger)

EnigmaSoft Limited (fka Cyclonis Limited)

Cyclonis Backup's Terms of Service Cyclonis Password Manager's EULA Cyclonis World Time's Terms of Service Privacy Policy Cookie Policy Special Discount Offer Terms Additional Terms & Conditions SpyHunter EULA RegHunter EULA EnigmaSoft Privacy Policy & Cookie Policy ESG Privacy Policy & Cookie Policy EnigmaSoft Discount Offer Terms ESG Discount Offer Terms

© 2017-2024 Cyclonis Ltd. CYCLONIS is a trademark of EnigmaSoft Limited (Cyclonis was merged into EnigmaSoft Limited effective November 25, 2023.) All rights reserved.

Registered Office EnigmaSoft Limited: 1 Castle Street, 3rd Floor, Dublin 2 D02 XD82, Ireland.
EnigmaSoft Limited, Private Company Limited by shares, Company Registration Number 597114.

Windows is a trademark of Microsoft, registered in the U.S. and other countries.
Mac, iPhone, iPad and App Store are trademarks of Apple Inc., registered in the U.S. and other countries.
iOS is a registered trademark of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
Android and Google Play are trademarks of Google LLC.