"The malicious package, fezbox, is disguised as a utility library and has "layers of obfuscation" including the "innovative, steganographic use" of QR codes. Steganography involves embedding secret data into a cover medium so that it goes undetected. "Steganography is the practice of hiding a secret file in plain sight, something for which QR codes are great," wrote Socket researcher Olivia Brown."
"Hiding within seemingly meaningless code The package exploits npm, the popular package manager for JavaScript, and features three layers of obfuscation: a reversed string, a QR code, and a hidden payload. The sophisticated malware delivery mechanism harvests user names and passwords from browser cookies, using code concealed in an embedded QR code that is particularly data dense and difficult to read."
Fezbox is a malicious npm package disguised as a JavaScript/TypeScript utility library that includes a QR code module. The package uses three layers of obfuscation: a reversed string, an embedded QR code carrying concealed code, and a hidden payload. The embedded QR code uses steganographic techniques to hide data and is particularly data-dense and difficult to read. The malware harvests usernames and passwords from browser cookies. The package's README claims common helper functions, TypeScript types, high performance, and tests, and suggests QR code generation and analysis features to mask malicious intent.
Read at InfoWorld
Unable to calculate read time
Collection
[
|
...
]