Cybersecurity researchers at Socket have uncovered a malicious npm package that hijacks server control during payment transactions.

DeveloperTech offers insights into technology news, industry trends, and developer tools, providing articles and interviews to stay updated with advancements in technology and discover new tools and frameworks. By exploring DeveloperTech's curated content, developers can learn about emerging technologies, industry best practices, and career development opportunities in the tech industry. Whether you're a software engineer, tech enthusiast, or startup founder, DeveloperTech provides resources to keep you informed and inspired in the fast-paced world of technology.

Developer Tech

Cybersecurity researchers at Socket have discovered a malicious npm package, @naderabdi/merchant-advcash, that hijacks server control during payment transactions. The package, designed to look like a legitimate integration for the Advcash payment platform, activates a reverse shell upon successful payment, allowing attackers to remotely control systems. The sophistication of the module, including its delayed activation and minimal footprint, helps it evade static analysis tools. Developers are reminded to be cautious and not blindly trust external packages.

Masquerading payment npm package installs backdoor