Software Security

Researchers Uncover RAT-Dropping npm Package Targeting Gulp Users

Cybersecurity experts have found a new suspicious package posted to the npm package registry that's meant to deploy a remote access trojan (RAT)…
Researchers Uncover RAT-Dropping npm Package Targeting Gulp Users

Cybersecurity experts have found a new suspicious package posted to the npm package registry that's meant to deploy a remote access trojan (RAT)…
<!DOCTYPE html>
<html>
<head>
  <title>ApkModDone Download: Templated DOM</title>
</head>
<body>
<script type="text/javascript" src="https://www.blogger.com/static/v1/widgets/3704019819-widgets.js"></script>
<script type='text/javascript'>
window['__wavt'] = 'AOuZoY74KqF5dpPfI26bp4QaZmxLCkg2mQ:1734522558147';_WidgetManager._Init('//www.blogger.com/rearrange?blogID\x3d1103112408775776059','//dl.apkmoddone.com/search/label/Software%20Security?hl\x3dar','1103112408775776059');
_WidgetManager._SetDataContext([{'name': 'blog', 'data': {'blogId': '1103112408775776059', 'title': 'ApkModDone Download', 'url': 'https://dl.apkmoddone.com/search/label/Software%20Security?hl\x3dar', 'canonicalUrl': 'https://dl.apkmoddone.com/search/label/Software%20Security', 'homepageUrl': 'https://dl.apkmoddone.com/?hl\x3dar', 'searchUrl': 'https://dl.apkmoddone.com/search', 'canonicalHomepageUrl': 'https://dl.apkmoddone.com/', 'blogspotFaviconUrl': 'https://dl.apkmoddone.com/favicon.ico', 'bloggerUrl': 'https://www.blogger.com', 'hasCustomDomain': true, 'httpsEnabled': true, 'enabledCommentProfileImages': true, 'gPlusViewType': 'FILTERED_POSTMOD', 'adultContent': false, 'analyticsAccountNumber': '', 'encoding': 'UTF-8', 'locale': 'ar', 'localeUnderscoreDelimited': 'ar', 'languageDirection': 'rtl', 'isPrivate': true, 'isMobile': false, 'isMobileRequest': false, 'mobileClass': '', 'isPrivateBlog': false, 'isDynamicViewsAvailable': true, 'feedLinks': '\x3clink rel\x3d\x22alternate\x22 type\x3d\x22application/atom+xml\x22 title\x3d\x22ApkModDone Download - Atom\x22 href\x3d\x22https://dl.apkmoddone.com/feeds/posts/default\x22 /\x3e\n\x3clink rel\x3d\x22alternate\x22 type\x3d\x22application/rss+xml\x22 title\x3d\x22ApkModDone Download - RSS\x22 href\x3d\x22https://dl.apkmoddone.com/feeds/posts/default?alt\x3drss\x22 /\x3e\n\x3clink rel\x3d\x22service.post\x22 type\x3d\x22application/atom+xml\x22 title\x3d\x22ApkModDone Download - Atom\x22 href\x3d\x22https://www.blogger.com/feeds/1103112408775776059/posts/default\x22 /\x3e\n', 'meTag': '', 'adsenseClientId': 'ca-pub-6297348522087868', 'adsenseHostId': 'ca-host-pub-1556223355139109', 'adsenseHasAds': false, 'adsenseAutoAds': false, 'boqCommentIframeForm': true, 'loginRedirectParam': '', 'view': '', 'dynamicViewsCommentsSrc': '//www.blogblog.com/dynamicviews/4224c15c4e7c9321/js/comments.js', 'dynamicViewsScriptSrc': '//www.blogblog.com/dynamicviews/2dbf2ee4cef330c7', 'plusOneApiSrc': 'https://apis.google.com/js/platform.js', 'disableGComments': true, 'interstitialAccepted': false, 'sharing': {'platforms': [{'name': '\u0627\u0644\u062d\u0635\u0648\u0644 \u0639\u0644\u0649 \u0627\u0644\u0631\u0627\u0628\u0637', 'key': 'link', 'shareMessage': '\u0627\u0644\u062d\u0635\u0648\u0644 \u0639\u0644\u0649 \u0627\u0644\u0631\u0627\u0628\u0637', 'target': ''}, {'name': 'Facebook', 'key': 'facebook', 'shareMessage': '\u0645\u0634\u0627\u0631\u0643\u0629 \u0625\u0644\u0649 Facebook', 'target': 'facebook'}, {'name': '\u0643\u062a\u0627\u0628\u0629 \u0645\u062f\u0648\u0646\u0629 \u062d\u0648\u0644 \u0647\u0630\u0647 \u0627\u0644\u0645\u0634\u0627\u0631\u0643\u0629', 'key': 'blogThis', 'shareMessage': '\u0643\u062a\u0627\u0628\u0629 \u0645\u062f\u0648\u0646\u0629 \u062d\u0648\u0644 \u0647\u0630\u0647 \u0627\u0644\u0645\u0634\u0627\u0631\u0643\u0629', 'target': 'blog'}, {'name': 'X', 'key': 'twitter', 'shareMessage': '\u0645\u0634\u0627\u0631\u0643\u0629 \u0625\u0644\u0649 X', 'target': 'twitter'}, {'name': 'Pinterest', 'key': 'pinterest', 'shareMessage': '\u0645\u0634\u0627\u0631\u0643\u0629 \u0625\u0644\u0649 Pinterest', 'target': 'pinterest'}, {'name': '\u0628\u0631\u064a\u062f \u0625\u0644\u0643\u062a\u0631\u0648\u0646\u064a', 'key': 'email', 'shareMessage': '\u0628\u0631\u064a\u062f \u0625\u0644\u0643\u062a\u0631\u0648\u0646\u064a', 'target': 'email'}], 'disableGooglePlus': true, 'googlePlusShareButtonWidth': 0, 'googlePlusBootstrap': '\x3cscript type\x3d\x22text/javascript\x22\x3ewindow.___gcfg \x3d {\x27lang\x27: \x27ar\x27};\x3c/script\x3e'}, 'hasCustomJumpLinkMessage': false, 'jumpLinkMessage': '\u0642\u0631\u0627\u0621\u0629 \u0627\u0644\u0645\u0632\u064a\u062f', 'pageType': 'index', 'searchLabel': 'Software Security', 'pageName': 'Software Security', 'pageTitle': 'ApkModDone Download: Software Security'}}, {'name': 'features', 'data': {}}, {'name': 'messages', 'data': {'edit': '\u062a\u0639\u062f\u064a\u0644', 'linkCopiedToClipboard': '\u062a\u0645 \u0646\u0633\u062e \u0627\u0644\u0631\u0627\u0628\u0637 \u0625\u0644\u0649 \u0627\u0644\u062d\u0627\u0641\u0638\u0629', 'ok': '\u062d\u0633\u0646\u064b\u0627', 'postLink': '\u0631\u0627\u0628\u0637 \u0627\u0644\u0645\u0634\u0627\u0631\u0643\u0629'}}, {'name': 'template', 'data': {'name': 'custom', 'localizedName': '\u0645\u062e\u0635\u0635', 'isResponsive': true, 'isAlternateRendering': false, 'isCustom': true}}, {'name': 'view', 'data': {'classic': {'name': 'classic', 'url': '?view\x3dclassic'}, 'flipcard': {'name': 'flipcard', 'url': '?view\x3dflipcard'}, 'magazine': {'name': 'magazine', 'url': '?view\x3dmagazine'}, 'mosaic': {'name': 'mosaic', 'url': '?view\x3dmosaic'}, 'sidebar': {'name': 'sidebar', 'url': '?view\x3dsidebar'}, 'snapshot': {'name': 'snapshot', 'url': '?view\x3dsnapshot'}, 'timeslide': {'name': 'timeslide', 'url': '?view\x3dtimeslide'}, 'isMobile': false, 'title': 'ApkModDone Download', 'description': '', 'url': 'https://dl.apkmoddone.com/search/label/Software%20Security?hl\x3dar', 'type': 'feed', 'isSingleItem': false, 'isMultipleItems': true, 'isError': false, 'isPage': false, 'isPost': false, 'isHomepage': false, 'isArchive': false, 'isSearch': true, 'isLabelSearch': true, 'search': {'label': 'Software Security', 'resultsMessage': '\u0639\u0631\u0636 \u0627\u0644\u0631\u0633\u0627\u0626\u0644 \u0630\u0627\u062a \u0627\u0644\u062a\u0635\u0646\u064a\u0641 Software Security', 'resultsMessageHtml': '\u0639\u0631\u0636 \u0627\u0644\u0631\u0633\u0627\u0626\u0644 \u0630\u0627\u062a \u0627\u0644\u062a\u0635\u0646\u064a\u0641 \x3cspan class\x3d\x27search-label\x27\x3eSoftware Security\x3c/span\x3e'}}}, {'name': 'widgets', 'data': [{'title': 'ApkModDone Download (\u0631\u0623\u0633 \u0627\u0644\u0635\u0641\u062d\u0629)', 'type': 'Header', 'sectionId': 'header-title', 'id': 'Header1'}, {'title': 'Try \x27Adventure\x27', 'type': 'BlogSearch', 'sectionId': 'header-search', 'id': 'BlogSearch1'}, {'title': 'Header Icon', 'type': 'TextList', 'sectionId': 'header-icon', 'id': 'TextList000'}, {'title': 'Contributors', 'type': 'Profile', 'sectionId': 'header-icon', 'id': 'Profile1'}, {'title': 'Additional Menu', 'type': 'PageList', 'sectionId': 'nav-widget-1', 'id': 'PageList002'}, {'title': 'Social Media', 'type': 'LinkList', 'sectionId': 'nav-widget-1', 'id': 'LinkList002'}, {'title': 'Navigation Menu', 'type': 'HTML', 'sectionId': 'nav-widget-2', 'id': 'HTML000'}, {'title': 'Under Header Ad', 'type': 'HTML', 'sectionId': 'horizontal-ad', 'id': 'HTML91'}, {'title': 'Pinned Post', 'type': 'FeaturedPost', 'sectionId': 'top-widget', 'id': 'FeaturedPost1', 'postId': '266456140355487247'}, {'title': 'Ad Placement', 'type': 'HTML', 'sectionId': 'top-widget', 'id': 'HTML92'}, {'title': 'rndPop', 'type': 'HTML', 'sectionId': 'top-widget', 'id': 'HTML1'}, {'title': '\u0631\u0633\u0627\u0626\u0644 \u0627\u0644\u0645\u062f\u0648\u0646\u0629 \u0627\u0644\u0625\u0644\u0643\u062a\u0631\u0648\u0646\u064a\u0629', 'type': 'Blog', 'sectionId': 'main-widget', 'id': 'Blog1', 'posts': [{'id': '5333455329179718371', 'title': 'Researchers Uncover RAT-Dropping npm Package Targeting Gulp Users', 'featuredImage': 'https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj2iFcn0C6S-hnejttfDGMxnn0Q_W5yzx42XXqTNXTjdn9EZDCsYZE2twS7uKmGpa_DX9ZgVe2B6Jq0BT8vgK5zjwfSaVrR807mgbdiNQsP59GbZJW-B72APUkBYR_j2mjuwOakM0mlcE0gV9ZftaQwjpiPj34Xay_ufH-vshGIP3mn0Zaq51NKIGOc-Y8/s16000/npm.webp', 'showInlineAds': false}, {'id': '4600517658793981099', 'title': 'Researchers Uncover RAT-Dropping npm Package Targeting Gulp Users', 'featuredImage': 'https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhCfcYzZDBFtmI73iBJkZqpLJ7w7rtVJ5JNYcoTXVla-NKPxz83hxQ8iysEpn9wzuRh57ce_aqOdvYXiF8UnD40mefvU0jzIXXVTFZRuZRDb7nu-EvDdEdnKh3YTWTBSLMOMMQmTp3wmfx7i5PIzcz0DCfyryw1HHS83kCaOGuZ9jDafRoTLyzJG8fOXZA/s16000/npm.webp', 'showInlineAds': false}], 'headerByline': {'regionName': 'header1', 'items': [{'name': 'share', 'label': ''}, {'name': 'timestamp', 'label': 'On'}]}, 'footerBylines': [{'regionName': 'footer1', 'items': [{'name': 'icons', 'label': ''}]}, {'regionName': 'footer2', 'items': [{'name': 'labels', 'label': ''}]}, {'regionName': 'footer3', 'items': [{'name': 'location', 'label': '\u0627\u0644\u0645\u0643\u0627\u0646:'}]}], 'allBylineItems': [{'name': 'share', 'label': ''}, {'name': 'timestamp', 'label': 'On'}, {'name': 'icons', 'label': ''}, {'name': 'labels', 'label': ''}, {'name': 'location', 'label': '\u0627\u0644\u0645\u0643\u0627\u0646:'}]}, {'title': 'Middle Post Ad 01', 'type': 'HTML', 'sectionId': 'main-widget', 'id': 'HTML01'}, {'title': 'Middle Post Ad 02', 'type': 'HTML', 'sectionId': 'main-widget', 'id': 'HTML02'}, {'title': 'Middle Post Ad 03', 'type': 'HTML', 'sectionId': 'main-widget', 'id': 'HTML03'}, {'title': 'Recurring Post Ad', 'type': 'HTML', 'sectionId': 'main-widget', 'id': 'HTML04'}, {'title': 'Popular Posts', 'type': 'PopularPosts', 'sectionId': 'side-widget', 'id': 'PopularPosts00', 'posts': [{'title': 'Beware: Fake Browser Updates Deliver BitRAT and Lumma Stealer Malware', 'id': 3108926211488024860}, {'title': 'China-Linked Hackers Suspected in ArcaneDoor Cyberattacks Targeting Network Devices', 'id': 7829270625112044906}, {'title': 'AI Company Hugging Face Detects Unauthorized Access to Its Spaces Platform', 'id': 3783787834549759428}, {'title': 'Russian Power Companies, IT Firms, and Govt Agencies Hit by Decoy Dog Trojan', 'id': 5446963176632914959}, {'title': 'South Korean ERP Vendor\x27s Server Hacked to Spread Xctdoor Malware', 'id': 576601823986497190}]}, {'title': 'Labels', 'type': 'Label', 'sectionId': 'side-widget', 'id': 'Label00'}, {'title': 'Table of contents', 'type': 'HTML', 'sectionId': 'side-widget', 'id': 'HTML11'}, {'title': 'Mobile Menu', 'type': 'TextList', 'sectionId': 'mobile-menu', 'id': 'TextList99'}, {'title': 'Made with coffee by', 'type': 'HTML', 'sectionId': 'footer-widget-1', 'id': 'HTML77'}, {'title': 'Social Media Link', 'type': 'LinkList', 'sectionId': 'footer-widget-1', 'id': 'LinkList1'}, {'title': 'Company', 'type': 'LinkList', 'sectionId': 'footer-widget-2', 'id': 'LinkList2'}, {'title': 'Product \x26amp; Service', 'type': 'LinkList', 'sectionId': 'footer-widget-3', 'id': 'LinkList3'}, {'title': 'Support', 'type': 'LinkList', 'sectionId': 'footer-widget-4', 'id': 'LinkList4'}, {'title': 'Credit', 'type': 'HTML', 'sectionId': 'credit-widget', 'id': 'HTML88'}, {'title': 'Back to top', 'type': 'TextList', 'sectionId': 'credit-widget', 'id': 'TextList88'}, {'title': 'Anchor Ad - Mobile only', 'type': 'HTML', 'sectionId': 'anchor-ad', 'id': 'HTML99'}, {'title': 'Take me back', 'type': 'HTML', 'sectionId': 'error-404', 'id': 'HTML404'}, {'title': 'Cookie Consent', 'type': 'HTML', 'sectionId': 'addons-widget', 'id': 'HTML21'}, {'title': 'Oops!', 'type': 'HTML', 'sectionId': 'addons-widget', 'id': 'HTML22'}, {'title': 'Enable JavaScript!', 'type': 'HTML', 'sectionId': 'addons-widget', 'id': 'HTML25'}, {'title': 'Country Block', 'type': 'HTML', 'sectionId': 'addons-widget', 'id': 'HTML26'}]}]);
_WidgetManager._RegisterWidget('_HeaderView', new _WidgetInfo('Header1', 'header-title', document.getElementById('Header1'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_BlogSearchView', new _WidgetInfo('BlogSearch1', 'header-search', document.getElementById('BlogSearch1'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_TextListView', new _WidgetInfo('TextList000', 'header-icon', document.getElementById('TextList000'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_ProfileView', new _WidgetInfo('Profile1', 'header-icon', document.getElementById('Profile1'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_PageListView', new _WidgetInfo('PageList002', 'nav-widget-1', document.getElementById('PageList002'), {'title': 'Additional Menu', 'links': [{'isCurrentPage': false, 'href': '/p/sitemap.html', 'title': 'Sitemap'}, {'isCurrentPage': false, 'href': '/p/disclaimer.html', 'title': 'Disclaimer'}, {'isCurrentPage': false, 'href': '/p/privacy.html', 'title': 'Privacy'}], 'mobile': false, 'showPlaceholder': true, 'hasCurrentPage': false}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_LinkListView', new _WidgetInfo('LinkList002', 'nav-widget-1', document.getElementById('LinkList002'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML000', 'nav-widget-2', document.getElementById('HTML000'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML91', 'horizontal-ad', document.getElementById('HTML91'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_FeaturedPostView', new _WidgetInfo('FeaturedPost1', 'top-widget', document.getElementById('FeaturedPost1'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML92', 'top-widget', document.getElementById('HTML92'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML1', 'top-widget', document.getElementById('HTML1'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_BlogView', new _WidgetInfo('Blog1', 'main-widget', document.getElementById('Blog1'), {'cmtInteractionsEnabled': false, 'navMessage': '\u200f\u0625\u0638\u0647\u0627\u0631 \u0627\u0644\u0631\u0633\u0627\u0626\u0644 \u0630\u0627\u062a \u0627\u0644\u062a\u0633\u0645\u064a\u0627\u062a \x3cb\x3eSoftware Security\x3c/b\x3e. \x3ca href\x3d\x22https://dl.apkmoddone.com/\x22\x3e\u0625\u0638\u0647\u0627\u0631 \u0643\u0627\u0641\u0629 \u0627\u0644\u0631\u0633\u0627\u0626\u0644\x3c/a\x3e', 'lightboxEnabled': true, 'lightboxModuleUrl': 'https://www.blogger.com/static/v1/jsbin/2791997225-lbx__ar.js', 'lightboxCssUrl': 'https://www.blogger.com/static/v1/v-css/1964470060-lightbox_bundle_rtl.css'}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML01', 'main-widget', document.getElementById('HTML01'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML02', 'main-widget', document.getElementById('HTML02'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML03', 'main-widget', document.getElementById('HTML03'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML04', 'main-widget', document.getElementById('HTML04'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_PopularPostsView', new _WidgetInfo('PopularPosts00', 'side-widget', document.getElementById('PopularPosts00'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_LabelView', new _WidgetInfo('Label00', 'side-widget', document.getElementById('Label00'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML11', 'side-widget', document.getElementById('HTML11'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_TextListView', new _WidgetInfo('TextList99', 'mobile-menu', document.getElementById('TextList99'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML77', 'footer-widget-1', document.getElementById('HTML77'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_LinkListView', new _WidgetInfo('LinkList1', 'footer-widget-1', document.getElementById('LinkList1'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_LinkListView', new _WidgetInfo('LinkList2', 'footer-widget-2', document.getElementById('LinkList2'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_LinkListView', new _WidgetInfo('LinkList3', 'footer-widget-3', document.getElementById('LinkList3'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_LinkListView', new _WidgetInfo('LinkList4', 'footer-widget-4', document.getElementById('LinkList4'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML88', 'credit-widget', document.getElementById('HTML88'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_TextListView', new _WidgetInfo('TextList88', 'credit-widget', document.getElementById('TextList88'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML99', 'anchor-ad', document.getElementById('HTML99'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML404', 'error-404', document.getElementById('HTML404'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML21', 'addons-widget', document.getElementById('HTML21'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML22', 'addons-widget', document.getElementById('HTML22'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML25', 'addons-widget', document.getElementById('HTML25'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML26', 'addons-widget', document.getElementById('HTML26'), {}, 'displayModeFull'));
</script>
</body>
</html>