<ul><li>Two malicious packages were recently discovered on the npm repository using dubious backdoors to target their users.</li><li>The malicious packages were named "ethers-provider2" and "ethers-providerz", designed to deceive users into thinking they are related to a legitimate package called "ethers".</li><li>The packages served as downloaders, patching the legitimate ethers package and granting attackers a reverse shell, enabling them to run commands, steal data, or install malware on target computers.</li><li>These backdoors specifically target software developers building on the Ethereum blockchain, presenting a risk to their projects and potentially their cryptocurrencies.</li></ul>

Malicious npm packages use devious backdoors to target users

Discover more