Back in November, we published a write-up about a collection of npm packages involved in a complex attack chain. These packages, once installed, would download a remote file, decrypt it, execute an exported function from it, and then meticulously cover their tracks by deleting and renaming files. This left the| Phylum Research | Software Supply Chain Security
On October 30, 2023 Phylum’s automated risk detection platform alerted us to a strange publication to npm called puma-com. Upon investigation, we found a very convoluted attack chain that ultimately pulled a remote file, manipulated it in place, called an exported function from that file, and then meticulously covered| Phylum Research | Software Supply Chain Security