Installing This Twilio Malware NPM Package Opens a Backdoor on Your Developer Machine - podcast episode cover

Installing This Twilio Malware NPM Package Opens a Backdoor on Your Developer Machine

The Backend Engineering Show with Hussein Nasser
Nov 03, 202020 min
--:--
--:--
Listen in podcast apps:
Apple Podcasts
Spotify
Download
YouTube
Overcast
Pocket Casts
Episodes.fm
Download Metacast podcast app
Listen to this episode in Metacast mobile app
Don't just listen to podcasts. Learn from them with transcripts, summaries, and chapters for every episode. Skim, search, and bookmark insights. Learn more

Episode description

SonaType detected a Malware in NPM registry imitating to be Twilio package that opens a reverse connection to a remote server and allows attacker to access your local machine content. Let us discuss

Since this command is unix specific it won’t work on Windows

https://blog.sonatype.com/twilio-npm-is-brandjacking-malware-in-disguise



Resources

SSH Tunneling https://youtu.be/N8f5zv9UUMI

Ngrok https://www.youtube.com/watch?v=pR2qNnVIuKE


For the best experience, listen in Metacast app for iOS or Android