Ax Sharma

Canada, India, United Kingdom

Tech Reporter and Security Researcher at Bleeping Computer

Tech Reporter and Security Researcher at Security Boulevard

Infosec Researcher, Journalist | 📰 Bylines + seen on 📸 BBC, BleepingComputer, Channel 5, WaPo, TechCrunch, WIRED | Member @The_BAJ @CAJ | ✉️ Tips? [email protected]

Articles

Revived CryptoJS library is a crypto stealer in disguise

2 weeks ago | securityboulevard.com | Ax Sharma

An illicit npm package called ‘crypto-encrypt-ts‘ may appear to revive the unmaintained but vastly popular CryptoJS library, but what it actually does is peek into your crypto wallet and exfiltrate your secrets to threat actors. *** This is a Security Bloggers Network syndicated blog from 2024 Sonatype Blog authored by Ax Sharma. Read the original post at: https://www.sonatype.com/blog/revived-cryptojs-library-is-a-crypto-stealer-in-disguise
Revived CryptoJS library is a crypto stealer in disguise

2 weeks ago | sonatype.com | Ax Sharma

An illicit npm package called 'crypto-encrypt-ts' may appear to revive the unmaintained but vastly popular CryptoJS library, but what it actually does is peek into your crypto wallet and exfiltrate your secrets to threat actors. Discovered by Sonatype's automated malware detection systems, the counterfeit 'crypto-encrypt-ts' has been downloaded more than 1,928 times already since its publication.
Jira Down: Atlassian users experiencing degraded performance

4 weeks ago | bleepingcomputer.com | Ax Sharma

Atlassian users are experiencing degraded performance amid an 'active incident' affecting multiple Jira products since morning hours today. Jira, Jira Service Management, Jira Work Management and Jira Product Discovery are among the impacted products. Jira is a popular project management and issue tracking software solution used by workplaces to plan, track and manage workflows, specifically among Agile software development teams.
Multiple crypto packages hijacked, turned into info-stealers

1 month ago | sonatype.com | Ax Sharma

Sonatype has identified multiple npm cryptocurrency packages, latest versions of which have been hijacked and altered to steal sensitive information such as environment variables from the target victims. Some of these packages have lived on npmjs.com for over 9 years, and provide legitimate functionality to blockchain developers. However, our automated malware detection systems detected that the latest versions of each of these packages were laden with obfuscated scripts, raising alarms.
Multiple crypto packages hijacked, turned into info-stealers

1 month ago | securityboulevard.com | Ax Sharma

Sonatype has identified multiple npm cryptocurrency packages, latest versions of which have been hijacked and altered to steal sensitive information such as environment variables from the target victims. *** This is a Security Bloggers Network syndicated blog from 2024 Sonatype Blog authored by Ax Sharma. Read the original post at: https://www.sonatype.com/blog/multiple-crypto-packages-hijacked-turned-into-info-stealers
Fake VS Code extension on npm uses altered ScreenConnect utility as spyware

Feb 5, 2025 | securityboulevard.com | Ax Sharma

A counterfeit ‘Truffle for VS Code’ extension, published on the npmjs registry, abuses the ConnectWise ScreenConnect remote desktop utility, allowing threat actors to compromise Windows systems that install the package. *** This is a Security Bloggers Network syndicated blog from 2024 Sonatype Blog authored by Ax Sharma. Read the original post at: https://www.sonatype.com/blog/fake-vs-code-extension-on-npm-uses-altered-screenconnect-utility-as-spyware
Fake VS Code extension on npm uses altered ScreenConnect utility as spyware

Feb 5, 2025 | sonatype.com | Ax Sharma

A counterfeit 'Truffle for VS Code' extension, published on the npmjs registry, abuses the ConnectWise ScreenConnect remote desktop utility, allowing threat actors to compromise Windows systems that install the package. The real Truffle for VS Code extension on the Microsoft Visual Studio Marketplace has been installed around 80,000 times and also has its source code available on GitHub. The official GitHub repository also contains a private npm component called 'truffle-vscode'.
Fake Solana packages target crypto devs, abuse Slack & ImgBB for data theft

Jan 8, 2025 | securityboulevard.com | Ax Sharma

Recently discovered malicious packages on the npmjs.com registry named “solanacore,” “solana-login,” and “walletcore-gen” target Solana crypto developers with Windows trojans and malware capable of keylogging and sensitive data exfiltration. Furthermore, these packages abuse Slack web hooks and ImgBB APIs to transfer collected data to external actors.
Fake Solana packages target crypto devs, abuse Slack & ImgBB for data theft

Jan 8, 2025 | sonatype.com | Ax Sharma

Recently discovered malicious packages on the npmjs.com registry named "solanacore," "solana-login," and "walletcore-gen" target Solana crypto developers with Windows trojans and malware capable of keylogging and sensitive data exfiltration. Furthermore, these packages abuse Slack web hooks and ImgBB APIs to transfer collected data to external actors.
Counterfeit ESLint and Node 'types' libraries downloaded thousands of times abuse Pastebin

Dec 18, 2024 | securityboulevard.com | Ax Sharma

The legitimate ESLint packages on the npmjs.com registry are called “typescript-eslint” and “@typescript-eslint/eslint-plugin.” This has unscrupulous actors publishing a typosquat named “@typescript_eslinter/eslint” that very closely resembles the names of the real libraries, but is up to no good. The counterfeit component has been downloaded thousands of times.