Hackers Hide Pulsar RAT Inside PNG Images in New NPM Supply Chain Attack

Cybersecurity researchers at Veracode reveal a typosquatting attack that disguises Pulsar RAT as images to bypass Windows security and antivirus programs.

A new type of cyberattack has been discovered that uses ordinary images to hide a dangerous virus. Experts at Veracode Threat Research found a malicious package on NPM, which is a massive website used by millions of software developers to share tools. The package was designed to look like a normal piece of software, but its real goal was to take over a person’s computer.

The package was named buildrunner-dev. This is where the trick lies, as the hackers used a typosquatting technique where they gave it a name that is almost the same as a real, safe tool called buildrunner, hoping someone would make a spelling mistake and download it by accident. This shows that the attack starts the moment the software is installed.