Researchers have identified a new strain of Linux and macOS malware capable of eluding even the most reputable antivirus services.
According to security company Sonatype, the malicious program was discovered on the npm registry, a developer resource that catalogues various open source JavaScript packages.
The malware was listed on the database as “web-browserify”, in imitation of the popular Browserify component, which has been downloaded upwards of 160 million times since launch.
Analysis conducted by Sonatype revealed the web-browserify package had been created by stitching together hundreds of different open source components, all of which are legitimate when taken in isolation.
Once downloaded, the package extracts and runs an ELF malware executable, elevating the attacker’s privileges and laying the foundations for all manner of surveillance activities. The data types harvested by the malware include OS information, VMs present on the system, Docker images, connected Bluetooth devices and various data points on the device hardware.
The malware is also able to gain persistence on Linux, building itself into the startup process that activates whenever a device is switched on.
Although the malware threat was detected relatively early, having accrued only 50 downloads, researchers found it had an alarming ability to bypass security measures. At the time of writing, the ELF malware smuggled inside the malicious package has a zero detection rate among all leading antivirus software.
The chaining together of legitimate software for illegitimate purposes is thought to have allowed the malware to evade detection so successfully.
The web-browserify package has since been removed from the npm registry, but sets a precedent that could inform future attacks of this kind.
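The name imitation described above ("web-browserify" standing in for Browserify) is something a dependency review can check for before install. The following is an added example, not code from Sonatype or from the original article; the `APPROVED` list, the function names and the sample manifest are assumptions constructed for illustration.

```javascript
// Added example. APPROVED is a constructed allowlist (assumption); load your own in practice.
const APPROVED = ["browserify", "express", "lodash", "react", "react-dom"];

// Levenshtein edit distance, single-row dynamic programming.
function editDistance(a, b) {
  const row = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let diag = row[0];
    row[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const above = row[j];
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      row[j] = Math.min(above + 1, row[j - 1] + 1, diag + cost);
      diag = above;
    }
  }
  return row[b.length];
}

// Returns { imitates, reason } when `name` resembles an approved package, else null.
function lookalikeOf(name) {
  const lower = name.toLowerCase();
  if (APPROVED.includes(lower)) return null; // exact approved name
  const words = lower.split(/[-._/@]/);
  for (const known of APPROVED) {
    // Affix pattern: approved name with extra words around it (web-browserify)
    if (words.includes(known)) return { imitates: known, reason: "affix" };
    // Typo pattern: at most two edits away; short names skipped to limit noise
    if (known.length >= 6 && editDistance(lower, known) <= 2) return { imitates: known, reason: "typo" };
  }
  return null;
}

// Audits the dependency sections of a parsed package.json object.
function auditManifest(manifest) {
  const findings = [];
  for (const section of ["dependencies", "devDependencies", "optionalDependencies"]) {
    for (const name of Object.keys(manifest[section] || {})) {
      const hit = lookalikeOf(name);
      if (hit) findings.push({ name, section, ...hit });
    }
  }
  return findings;
}

// Constructed sample manifest (versions are placeholders).
const sample = { dependencies: { browserify: "*", "web-browserify": "*", "left-pad": "*" }, devDependencies: { expres: "*" } };
console.log(auditManifest(sample));
```

Hits are review candidates, not verdicts: a legitimate package that shares a word with an approved name is flagged until it is added to the allowlist.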
Via BleepingComputer