'web-browserify' Malware Mimics a Legitimate npm Package
'web-browserify' Malware Evades Virtual Environments, and Performs an Odd Destructive Maneuver
The 'web-browserify' Malware performs some basic checks to try to avoid virtual environments, which could be used for malware analysis. The full scope of its functionality and goals is not yet clear, and cybersecurity experts note that it tends to exhibit some strange behavior. So far, the 'web-browserify' Malware appears to function like a low-quality information stealer that goes after software and hardware details, device information, usernames, etc. The strange part is that it tries to wipe out the contents of the '/etc/' directory on Linux and Mac systems. This directory is a core part of these operating systems, and having it wiped out is likely to prevent the system from booting.
Stealing small bits of information while also trying to break the infected system is a strange approach, and it is likely that the 'web-browserify' Malware's creators have other plans as well. However, so far, the malware has not exhibited any other behavior. While the malicious npm package is no longer available, it is likely that the criminals behind the operation will soon explore other malware propagation channels. To keep your Linux and Mac systems safe, you should rely on reputable antivirus software.
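Because the package name imitates a legitimate one, a quick check is whether any manifest or lockfile in a project still references it. The following is an added example, not code from the original article or from any npm tooling; it searches parsed package.json and package-lock.json data for the exact name, and the sample data and the `left-helper` dependency are constructed for illustration.

```javascript
// Added example: find a named package in parsed npm manifest/lockfile data.
const SUSPECT = 'web-browserify'; // package name reported in the article

// Walk a dependency map. package.json values are version strings;
// lockfile v1 values are objects that may nest further "dependencies".
function walk(deps, trail, name, hits) {
  for (const [dep, meta] of Object.entries(deps || {})) {
    const here = trail.concat(dep);
    if (dep === name) hits.push(here.join(' > '));
    if (meta && typeof meta === 'object') walk(meta.dependencies, here, name, hits);
  }
}

// Return every place `name` appears. Matching is exact, so the legitimate
// 'browserify' package is never reported when searching for 'web-browserify'.
function findPackage(doc, name) {
  const hits = [];
  for (const section of ['dependencies', 'devDependencies', 'optionalDependencies']) {
    walk(doc[section], [section], name, hits);
  }
  // Lockfile v2/v3: keys look like "node_modules/a/node_modules/b".
  for (const key of Object.keys(doc.packages || {})) {
    if (key.split('node_modules/').pop() === name) hits.push(key);
  }
  return hits;
}

// Constructed sample: a lockfile where the suspect package arrives transitively
// through a hypothetical dependency called 'left-helper'.
const sampleLock = {
  name: 'demo-app',
  lockfileVersion: 2,
  packages: {
    '': { name: 'demo-app', dependencies: { 'left-helper': '^1.0.0' } },
    'node_modules/left-helper': { version: '1.0.0' },
    'node_modules/left-helper/node_modules/web-browserify': { version: '0.0.0-constructed' },
  },
  dependencies: {
    'left-helper': {
      version: '1.0.0',
      dependencies: { 'web-browserify': { version: '0.0.0-constructed' } },
    },
  },
};
// Constructed sample: a manifest that only uses the legitimate package.
const sampleManifest = { dependencies: { browserify: '^17.0.0' } };

console.log(findPackage(sampleLock, SUSPECT));
console.log(findPackage(sampleManifest, SUSPECT));
```

To use it on a real project, pass the result of `JSON.parse` for each package.json and package-lock.json file in the repository.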