Close Menu
TechurzTechurz
    What's Hot

    Startup Battlefield Australia application closes in days: Apply before July 6

    June 30, 2026

    Acti puts AI agents directly into your smartphone keyboard

    June 30, 2026

    The DeepMind trio who built a poker AI are now making money for quant hedge funds

    June 30, 2026
    X (Twitter) Pinterest YouTube LinkedIn WhatsApp
    Tech Pulse
    • Startup Battlefield Australia application closes in days: Apply before July 6
    • Acti puts AI agents directly into your smartphone keyboard
    • The DeepMind trio who built a poker AI are now making money for quant hedge funds
    • Nvidia competitor Etched hits $5B valuation, $1B in sales for AI chip
    • Clicks shows off its BlackBerry-inspired phone in a new hands-on video
    X (Twitter) Pinterest YouTube LinkedIn WhatsApp
    TechurzTechurz
    • Home
    • Tech Pulse
    • Future Tech
    • AI Systems
    • Cyber Reality
    • Disruption Lab
    • Signals
    TechurzTechurz
    Home - Cyber Reality - Typo hackers sneak cross-platform credential stealer into 10 npm packages
    Cyber Reality

    Typo hackers sneak cross-platform credential stealer into 10 npm packages

    TechurzBy TechurzOctober 31, 2025Updated:May 10, 2026No Comments1 Min Read
    Share Facebook Twitter Pinterest LinkedIn Tumblr Reddit Telegram Email
    Teenage Hacker Working with His Computer Infecting Servers and Infrastructure with Malware. His Hideout is Dark, Neon Lit and Has Multiple displays.
    Share
    Facebook Twitter LinkedIn Pinterest Email


    Payload for IP fingerprinting and credential theft

    Once the fake CAPTCHA interaction occurs, the installer sends the victim’s IP address to the attacker’s server, a step that allows tracking, geofencing, and exclusion of unwanted targets.

    It then downloads the payload from the same host, which is a 24 MB Pyinstaller-packed application that contains hundreds of thousands of strings and multiple binaries, indicating a feature-rich stealer.

    Socket further analyzed the binaries to perform aggressive filesystem and credential harvest, targeting browser password stores and cookies, SSH keys, OS keyrings (Windows Credential Manager, macOS keychain, Linux SecretService), cloud config files, SDK tokens, and other artifacts that can lead to “long-terms access” to code repositories, cloud consoles, and corporate resources. Exfiltration transfers the data to the threat actor’s host, providing a central collection point for harvested secrets. Socket has published a full list of the ten malicious package names, their hashes, and the attacker’s associated email address to help developers and defenders identify potential compromises.

    Popular libraries typosquatted in the campaign include TypeScript, discord.js, ethers.js, nodemon, react-router-dom, and zustand. npm’s popularity has made it a growing target for imposter packages, with abusers conducting massive espionage and supply-chain attacks in recent months.

    credential crossplatform Hackers npm packages sneak Stealer typo
    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
    Previous ArticleHow to remotely access and control someone else’s iPhone (with their permission)
    Next Article A New Security Layer for macOS Takes Aim at Admin Errors Before Hackers Do
    Techurz
    • Website

    Related Posts

    Cyber Reality

    Digital Identity Protection: 7 Hidden Risks Most Users Miss

    May 25, 2026
    Cyber Reality

    Neural Data Policy: 7 Risks That Brain Privacy Laws Miss

    May 25, 2026
    Cyber Reality

    How AI Changing Cyber Crime: 7 Critical Shifts to Watch

    May 25, 2026
    Add A Comment
    Latest Tech Pulse

    College social app Fizz expands into grocery delivery

    September 3, 20252,290

    SolarSquare in talks to raise up to $60M as India’s rooftop solar market draws major VC interest

    May 23, 202622

    Future of Digital Privacy and Security: 7 Truths Nobody Tells You

    May 25, 202619
    Stay In Touch
    • YouTube
    • WhatsApp
    • Twitter
    • Pinterest
    • LinkedIn

    Techurz helps readers stay ahead of digital change with clear, practical, future focused technology intelligence written today,searched tomorrow.

    X (Twitter) Pinterest YouTube LinkedIn WhatsApp
    Company
    • About Us
    • Contact Us
    • Our Authors / Editorial Team
    • Write For Us
    • Advertise
    Policy
    • Editorial Policy
    • Privacy Policy
    • Terms and Conditions
    • Affiliate Disclosure
    • Cookie Policy
    • Disclaimer
    • DMCA
    Explore
    • AI Systems
    • Cyber Reality
    • Future Tech
    • Disruption Lab
    • Signals
    • Tech Pulse
    • Sitemap

    Join the Techurz Brief

    The future does not arrive suddenly.
    Stay ahead with fast, sharp tech signals.

    Type above and press Enter to search. Press Esc to cancel.