Cybersecurity

New npm Supply Chain Attack Uses undicy-http to Deploy Screen-Streaming RAT and Browser Injector

56 sec read2 views0 listens

A new supply chain attack has emerged, targeting developers through the npm package registry. The malicious package, named undicy-http, is designed to deploy a screen-streaming Remote Access Trojan (RAT) and a browser injector that steals session credentials from various platforms.

Key Details of the Attack:

Malicious Package: undicy-http
Primary Payload: A native binary called chromelevator.exe which employs direct syscalls to bypass EDR and antivirus hooks.
Persistence Mechanisms:
- Creates a scheduled task named ScreenLiveClient.
- Writes registry run keys for persistence.
- Places itself in the Windows Startup folder.

Infection Chain:

Initial Deployment: When developers install undicy-http, it checks if it is running as a hidden process and re-launches using VBScript (wscript.exe) to hide execution traces.
Persistence:
- Establishes persistence through scheduled tasks, registry keys, and startup folder entries.
Anti-Analysis Techniques: Conducts anti-VM checks and looks for analysis tools like Wireshark, IDA, and Ghidra.
User Deception: Pops up a fake missing

Read the full article at Cyber Security News

Want to create content about this topic? Use Nemati AI tools to generate articles, social posts, and more.

The Gentlemen Strike E-Control Systems with Ransomware Attack

The ransomware group The Gentlemen claimed responsibility for a cyberattack against E-Control Systems on May 18, 2026, threatening to leak sensitive data unless negotiations begin. This breach of a California-based IoT leader underscores the critical...

Ali Nemati

Cybersecurity6 days ago32 sec read

Securing the AI Supply Chain in the European Union

The European Union is implementing a comprehensive set of regulations that mandate strict cybersecurity measures for AI systems, treating security as a statutory obligation rather than an optional consideration. This shift is crucial for developers a...

Ali Nemati

Real Estate & HomeMay 1926 sec read

A common-sense approach to housing affordability

Elevated mortgage rates and outdated capital gains tax exemptions are significantly limiting housing inventory by discouraging homeowners from selling. Developers and tech professionals should monitor policy changes aimed at incentivizing housing tur...

Ali Nemati

CybersecurityMay 1625 sec read

Q&A: Strategies for tackling misinformation online

Cyabra, a cybersecurity firm led by CEO Dan Brahmy, offers tools to detect and analyze coordinated inauthentic campaigns online. This matters as the ease of creating fake accounts and narratives increases, posing significant risks to brand reputation...

Ali Nemati

CybersecurityMay 1427 sec read

America's cyber gap: The startup racing to close it

Z Labs, a US defense startup, is developing AI agents that can identify and respond to cyber threats at machine speed, addressing the growing threat from state-sponsored hackers. This technology is crucial as traditional human-dependent defenses cann...

Ali Nemati

New npm Supply Chain Attack Uses undicy-http to Deploy Screen-Streaming RAT and Browser Injector

Key Details of the Attack:

Infection Chain:

Related Articles

The Gentlemen Strike E-Control Systems with Ransomware Attack

Securing the AI Supply Chain in the European Union

A common-sense approach to housing affordability

Q&A: Strategies for tackling misinformation online

America's cyber gap: The startup racing to close it