Installing This Twilio Malware NPM Package Opens a Backdoor on Your Developer Machine

Published: Nov. 3, 2020, 7:36 p.m.

SonaType detected a Malware in NPM registry imitating to be Twilio package that opens a reverse connection to a remote server and allows attacker to access your local machine content. Let us discuss

Since this command is unix specific it won’t work on Windows

https://blog.sonatype.com/twilio-npm-is-brandjacking-malware-in-disguise



Resources

SSH Tunneling https://youtu.be/N8f5zv9UUMI

Ngrok https://www.youtube.com/watch?v=pR2qNnVIuKE


--- Send in a voice message: https://anchor.fm/hnasr/message