Veracode researchers have uncovered a malware campaign that misuses Google Calendar to execute a malicious command-and-control (C2) server connection. The malware is embedded in a package, known as “os-info-checker-es6”, on the NPM platform and uses Unicode steganography to hide its code. The package was also reported as a dependency in four other packages. The malicious code retrieves a payload from a URL, stored in a Google Calendar event, and then executes it. Veracode has reported this malicious package to the NPM security team.
Malware Analysis Market Anticipated to Hit USD 28.1 Billion
The malware analysis market is growing due to increased cybersecurity threats and technology adoption. Valued at $6.8bn in 2022, it’s projected to reach $28.1bn by
