Summary: Researchers have identified two malicious npm packages, ethers-provider2 and ethers-providerz, that are designed to alter and compromise locally installed legitimate packages in the software supply chain, highlighting ongoing threats to the open-source ecosystem. The first package acts as a trojan that affects the widely used ethers package, enabling persistent malware installation even after the malicious package is removed. These developments underscore the need for careful scrutiny of open-source software before use.
Affected: npm registry, open-source software projects
Keypoints:
- Malicious packages ethers-provider2 and ethers-providerz were detected on the npm registry.
- ethers-provider2 modifies the legitimate ethers package to introduce a reverse shell, ensuring persistence for attackers.
- Both packages exemplify the evolving tactics of threat actors targeting software supply chains, necessitating increased scrutiny of open-source repositories.
Source: https://thehackernews.com/2025/03/malicious-npm-package-modifies-local.html