
Suspected Hijacked Developer Accounts Spread npm Malware


Sonatype uncovers a sophisticated malware campaign using hijacked npm developer accounts to steal API keys and passwords. Is your dev environment at risk?

Hackers have found a new way to exploit the software world, and this time, they’re using our own trust against us. Researchers at Sonatype have just caught a nasty campaign where legitimate developer accounts were hijacked to spread malicious code. This wasn’t just a random person making a fake app; it looks like a targeted takeover of established creators to inject tampered tools into the system without anyone noticing.

In a report shared with Hackread.com, the firm identified two dangerous packages named sbx-mask and touch-adv. These were quietly published to the npm registry (a massive library of code used by millions) to act as a digital backdoor into a developer’s machine.

Researchers found that these two packages were essentially programmed to act like ...


Copyright of this story solely belongs to hackread.com.