PulseAugur
EN
LIVE 23:26:01

Israeli startup linked to npm infostealer campaign targeting AI developers

A cybersecurity campaign has been traced to an Israeli startup, utilizing typosquatted packages on the Node Package Manager (npm) to impersonate popular AI and development tools. These malicious packages, including those mimicking Anthropic, Vercel, LangChain, and OpenAI, were designed to profile developer machines upon installation. The npm account associated with this campaign has been linked to the founder of a stealth-mode cybersecurity firm. AI

IMPACT Malicious packages impersonating AI tools like Anthropic and OpenAI pose a direct threat to developers, potentially compromising sensitive data and development environments.

RANK_REASON The cluster describes a malicious campaign using typosquatted packages to impersonate AI and development tools, which falls under security tooling and threats.

Read on Mastodon — fosstodon.org →

AI-generated summary · Google Gemini · from 1 sources. How we write summaries →

Israeli startup linked to npm infostealer campaign targeting AI developers

COVERAGE [1]

  1. Mastodon — fosstodon.org TIER_1 English(EN) · [email protected] ·

    🇮🇱 npm Infostealer Campaign Traced to Israeli Cybersecurity Startup 「 Typosquatted packages impersonating Anthropic, Vercel, LangChain, Ollama, OpenAI and Aspec

    🇮🇱 npm Infostealer Campaign Traced to Israeli Cybersecurity Startup 「 Typosquatted packages impersonating Anthropic, Vercel, LangChain, Ollama, OpenAI and Aspect Security quietly profiled developer machines on install. According to OpenSourceMalware.com, the npm account behind th…