Open-source repository malware sows Havoc

As part of the ReversingLabs research team's ongoing monitoring of open source repositories, the team identified aabquerys, a malicious npm package that downloads second- and third-stage malware payloads onto systems that have installed and run it.

NetDirt examined the repository to which aabquerys was initially uploaded. Ongoing research has confirmed that the package achieves its primary goal, downloading and executing malicious payloads without requiring administrator or otherwise elevated privileges, as well as its secondary goal of attracting additional malware installations through drive-by downloads.

aabquerys was uploaded to the popular music streaming site Discordia-Music on July 31, 2018. The uploader claims to work for an unnamed "security company".

The GitHub repository is listed as "private" and provides no further details. The package was nonetheless downloaded by a large number of users almost immediately.

What Is This Malware?

The package's own description presents it as a "Github scraper" or "Github search engine": its stated purpose is to scrape GitHub repositories and generate a browsable website of the results. The author(s) further claim that it ships with an index of more than 100,000 repositories so that developers can easily find relevant ones.

Inspection of the source code shows that the project was created in February 2017; the package has been downloaded more than 20,000 times.

Source: Open-source repository malware sows Havoc - AlienVault - Open Threat Exchange

