GoPlus：警惕朝鲜黑客发布的26个恶意软件包，可远程下载并执行木马

GateNews

2026-03-03 08:33:04

PANews 3月3日消息，GoPlus中文社区在X平台发布预警称，朝鲜黑客向npm注册表发布了一组26个恶意软件包，这些恶意软件包都附带一个安装脚本（“install.js”），该脚本会在软件包安装过程中自动执行，进而运行位于“vendor/scrypt-js/version.js”中的恶意代码，恶意代码会通过同一恶意URL下载并执行远程访问木马（RAT），实施键盘记录剪贴板窃取浏览器凭据收集TruffleHog秘密扫描Git仓库和SSH密钥窃取等恶意行为。此次事件与一个名为“Famous Chollima”的朝鲜黑客活动相关。请用户和开发者在安装软件包时注意检查来源和安全性，避免如下26个恶意软件，以免造成隐私泄露或资产损失：

argonist@0.41.0 bcryptance@6.5.2 bee-quarl@2.1.2 bubble-core@6.26.2 corstoken@2.14.7 daytonjs@1.11.20 ether-lint@5.9.4 expressjs-lint@5.3.2 fastify-lint@5.8.0 formmiderable@3.5.7 hapi-lint@19.1.2 iosysredis@5.13.2 jslint-config@10.22.2 jsnwebapptoken@8.40.2 kafkajs-lint@2.21.3 loadash-lint@4.17.24 mqttoken@5.40.2 prism-lint@7.4.2 promanage@6.0.21 sequelization@6.40.2 typoriem@0.4.17 undicy-lint@7.23.1 uuindex@13.1.0 vitetest-lint@4.1.21 windowston@3.19.2 zoddle@4.4.2

View Source

Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to Disclaimer.