Close Menu

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    What's Hot

    Is Windows’ Alt+Tab shortcut broken for you? A rogue update is to blame

    Is Intel finally ready to compete with AMD’s Ryzen X3D chips?

    Nvidia’s legendary GeForce GTX 10-series cards might lose support soon

    Facebook X (Twitter) Instagram
    • Artificial Intelligence
    • Business Technology
    • Cryptocurrency
    • Gadgets
    • Gaming
    • Health
    • Software and Apps
    • Technology
    Facebook X (Twitter) Instagram Pinterest Vimeo
    Tech AI Verse
    • Home
    • Artificial Intelligence

      Apple sued by shareholders for allegedly overstating AI progress

      June 22, 2025

      How far will AI go to defend its own survival?

      June 2, 2025

      The internet thinks this video from Gaza is AI. Here’s how we proved it isn’t.

      May 30, 2025

      Nvidia CEO hails Trump’s plan to rescind some export curbs on AI chips to China

      May 22, 2025

      AI poses a bigger threat to women’s work, than men’s, report says

      May 21, 2025
    • Business

      Cloudflare open-sources Orange Meets with End-to-End encryption

      June 29, 2025

      Google links massive cloud outage to API management issue

      June 13, 2025

      The EU challenges Google and Cloudflare with its very own DNS resolver that can filter dangerous traffic

      June 11, 2025

      These two Ivanti bugs are allowing hackers to target cloud instances

      May 21, 2025

      How cloud and AI transform and improve customer experiences

      May 10, 2025
    • Crypto

      Armed Robbers Steal $100,000 in a Mall Parking Lot | Crypto Horror Story

      July 1, 2025

      Lummis Proposes Tax Cuts for Crypto Miners in Trump’s Big Beautiful Bill

      July 1, 2025

      3 CoinGecko Top Gainers to Watch for the First Week of July

      July 1, 2025

      What Circle’s US Trust Bank Bid Means for USDT and Stablecoin Competition

      July 1, 2025

      Why PI’s Breakout Wasn’t What It Seemed: Network Nears All-Time Low

      July 1, 2025
    • Technology

      Is Windows’ Alt+Tab shortcut broken for you? A rogue update is to blame

      July 1, 2025

      Is Intel finally ready to compete with AMD’s Ryzen X3D chips?

      July 1, 2025

      Nvidia’s legendary GeForce GTX 10-series cards might lose support soon

      July 1, 2025

      NASA will start streaming live on Netflix later this summer

      July 1, 2025

      How to secure your printer with Windows 11’s new Protected Print mode

      July 1, 2025
    • Others
      • Gadgets
      • Gaming
      • Health
      • Software and Apps
    Shop Now
    Tech AI Verse
    You are at:Home»Technology»Malicious npm packages posing as utilities delete project directories
    Technology

    Malicious npm packages posing as utilities delete project directories

    TechAiVerseBy TechAiVerseJune 8, 2025No Comments3 Mins Read0 Views
    Facebook Twitter Pinterest Telegram LinkedIn Tumblr Email Reddit
    Malicious npm packages posing as utilities delete project directories
    Share
    Facebook Twitter LinkedIn Pinterest WhatsApp Email

    Malicious npm packages posing as utilities delete project directories

    Two malicious packages have been discovered in the npm JavaScript package index, which masquerades as useful utilities but, in reality, are destructive data wipers that delete entire application directories.

    The data wiper packages are ‘express-api-sync’ and ‘system-health-sync-api,’ and pose as database syncing and system health monitoring Ttools.

    According to open-source software security firm Socket, they both contain backdoors that enable remote data-wiping actions at the infected host.

    The packages were published on npm in May 2025 and have been removed from npm following their reporting by Socket.

    The firm’s historic stats show that express-api-sync was downloaded by unsuspecting developers 855 times, while express-api-sync had 104 downloads.

    The first package, express-api-sync, registers a hidden POST endpoint (/api/this/that) and waits for requests that contain the secret key ‘DEFAULT_123.’

    Once it receives it, it executes “rm -rf *” in the application’s directory, deleting all files.

    “Once triggered, the rm -rf * command executes in the application’s working directory, deleting all files, including source code, configuration files, uploaded assets, and any local databases,” explains the Socket report.

    “The endpoint returns status messages to the attacker indicating success ({“message”:”All files deleted”}) or failure of the destruction.”

    The second package, ‘system-health-sync-api,’ is more sophisticated.

    It registers multiple backdoor endpoints at:

    • GET /_/system/health → returns server status
    • POST /_/system/health → primary destruction endpoint
    • POST /_/sys/maintenance → backup destruction endpoint

    In this case, the secret key is ‘HelloWorld,’ triggering reconnaissance followed by remote, OS-specific destruction.

    The wiper supports both Linux (‘rm -rf *’) and Windows (‘rd /s /q .’) deletion commands, so it uses the right one depending on the detected architecture.

    Multi-platform destruction
    Source: Socket

    Once the action is complete, the wiper emails the attacker to ‘anupm019@gmail.com’ with the backend URL, the system fingerprint, and the result of the file wipe.

    The attacker also receives more immediate feedback to their original request via an HTTP response, which confirms whether the destructive command succeeded in real time.

    Cases of data wipers in npm are unusual, as they serve no financial gain or data theft purpose, which is the typical case when malware slips onto software distribution platforms.

    Socket comments on this by characterizing the two packages as “a concerning addition to npm’s threat landscape,” which could signify state-level or sabotage activity creeping into the ecosystem.

    “These packages don’t steal cryptocurrency or credentials—they delete everything,” concludes Socket.

    “This suggests attackers motivated by sabotage, competition, or state-level disruption rather than being solely financially motivated.”

    Why IT teams are ditching manual patch management

    Patching used to mean complex scripts, long hours, and endless fire drills. Not anymore.

    In this new guide, Tines breaks down how modern IT orgs are leveling up with automation. Patch faster, reduce overhead, and focus on strategic work — no complex scripts required.

    Share. Facebook Twitter Pinterest LinkedIn Reddit WhatsApp Telegram Email
    Previous ArticlePolice arrests 20 suspects for distributing child sexual abuse content
    Next Article Malware found in NPM packages with 1 million weekly downloads
    TechAiVerse
    • Website

    Jonathan is a tech enthusiast and the mind behind Tech AI Verse. With a passion for artificial intelligence, consumer tech, and emerging innovations, he deliver clear, insightful content to keep readers informed. From cutting-edge gadgets to AI advancements and cryptocurrency trends, Jonathan breaks down complex topics to make technology accessible to all.

    Related Posts

    Is Windows’ Alt+Tab shortcut broken for you? A rogue update is to blame

    July 1, 2025

    Is Intel finally ready to compete with AMD’s Ryzen X3D chips?

    July 1, 2025

    Nvidia’s legendary GeForce GTX 10-series cards might lose support soon

    July 1, 2025
    Leave A Reply Cancel Reply

    Top Posts

    New Akira ransomware decryptor cracks encryptions keys using GPUs

    March 16, 202526 Views

    OpenAI details ChatGPT-o3, o4-mini, o4-mini-high usage limits

    April 19, 202522 Views

    Rsync replaced with openrsync on macOS Sequoia

    April 7, 202517 Views

    I love that this tiny NAS offers up to 32TB of SSD storage and four 2.5GbE LAN ports, but why the DisplayPort connector?

    May 18, 202513 Views
    Don't Miss
    Technology July 1, 2025

    Is Windows’ Alt+Tab shortcut broken for you? A rogue update is to blame

    Is Windows’ Alt+Tab shortcut broken for you? A rogue update is to blame Image: Ham…

    Is Intel finally ready to compete with AMD’s Ryzen X3D chips?

    Nvidia’s legendary GeForce GTX 10-series cards might lose support soon

    NASA will start streaming live on Netflix later this summer

    Stay In Touch
    • Facebook
    • Twitter
    • Pinterest
    • Instagram
    • YouTube
    • Vimeo

    Subscribe to Updates

    Get the latest creative news from SmartMag about art & design.

    About Us
    About Us

    Welcome to Tech AI Verse, your go-to destination for everything technology! We bring you the latest news, trends, and insights from the ever-evolving world of tech. Our coverage spans across global technology industry updates, artificial intelligence advancements, machine learning ethics, and automation innovations. Stay connected with us as we explore the limitless possibilities of technology!

    Facebook X (Twitter) Pinterest YouTube WhatsApp
    Our Picks

    Is Windows’ Alt+Tab shortcut broken for you? A rogue update is to blame

    July 1, 20250 Views

    Is Intel finally ready to compete with AMD’s Ryzen X3D chips?

    July 1, 20250 Views

    Nvidia’s legendary GeForce GTX 10-series cards might lose support soon

    July 1, 20250 Views
    Most Popular

    Ethereum must hold $2,000 support or risk dropping to $1,850 – Here’s why

    March 12, 20250 Views

    Xiaomi 15 Ultra Officially Launched in China, Malaysia launch to follow after global event

    March 12, 20250 Views

    Apple thinks people won’t use MagSafe on iPhone 16e

    March 12, 20250 Views
    © 2025 TechAiVerse. Designed by Divya Tech.
    • Home
    • About Us
    • Contact Us
    • Privacy Policy
    • Terms & Conditions

    Type above and press Enter to search. Press Esc to cancel.