Malicious npm Package Leverages Unicode Steganography, Google Calendar as C2 Dropper

Updated on May 15, 2025

Cybersecurity researchers have discovered a malicious package named “os-info-checker-es6” that disguises itself as an operating system information utility to stealthily drop a next-stage payload onto compromised systems.
“This campaign employs clever Unicode-based steganography to hide its initial malicious code and utilizes a Google Calendar event short link as a dynamic dropper for its final…

Read the rest of the story at Read More

Source: The Hacker News

November 18, 2024 Uncategorized

Urgent: Critical WordPress Plugin Vulner...

December 26, 2024 Uncategorized

Brazilian Hacker Charged for Extorting $...

November 30, 2024 Uncategorized

Malicious npm Package Leverages Unicode Steganography, Google Calendar as C2 Dropper

Related posts

Urgent: Critical WordPress Plugin Vulner...

Brazilian Hacker Charged for Extorting $...

Wanted Russian Cybercriminal Linked to H...

Leave a Comment Cancel reply

Recent News

Meta to Train AI on E.U. User Data From May 27 Without Consent; Noyb Threatens Lawsuit

Coinbase Agents Bribed, Data of ~1% Users Leaked; $20M Extortion Attempt Fails

Pen Testing for Compliance Only? It’s Time to Change Your Approach

5 BCDR Essentials for Effective Ransomware Defense

Russia-Linked APT28 Exploited MDaemon Zero-Day to Hack Government Webmail Servers

Malicious npm Package Leverages Unicode Steganography, Google Calendar as C2 Dropper

New Chrome Vulnerability Enables Cross-Origin Data Leak via Loader Referrer Policy

Samsung Patches CVE-2025-4632 Used to Deploy Mirai Botnet via MagicINFO 9 Exploit

BianLian and RansomExx Exploit SAP NetWeaver Flaw to Deploy PipeMagic Trojan

Xinbi Telegram Market Tied to $8.4B in Crypto Crime, Romance Scams, North Korea Laundering