Web-browserify

Within the world of Mac computers, there’s a new movement of malware fresh out of the hands of hackers and cybercrooks. Among Mac malware threats, web-browserify appears to be a harmful threat that attempts to mimic open-source JavaScript programming. Loosely based on the “browserify” programming package, web-browserify looks to be attacking developers through a replicated JavaScript npm package.

A npm package is a manager for the JavaScript programming language. The npm, Inc. company is a subsidiary of the sharing platform GitHub, which is known for being a provider of Internet hosting and platforms for over 65 million developers around the world.

The web-browserify malware sample has been found to attack Macs and Linux systems essentially through a booby-trapped npm software package. There’s much confusion surrounding Web-browserify as it is based on JavaScript, which is an open-source programming that can be taken by just about anyone and modified to their liking. Such is a case where we believe that Web-browserify may have been crafted by hackers to ambush developers in a sneaky, unsuspecting method.

Right now, web-browserify is being cloaked within a bundle or TGZ archive and uploaded to an npm package where developers could download and open the file, which would then run a tricky binary in Executable and Linkable Format (ELF), which is supported by both MacOS and Linux. Additionally, web-browserify may evade detection and run in different virtual environments with unadulterated access to pilfer files and folders that may get erased by the threat.

The best approach for developers to take to avoid the attack of web-browserify is to utilize caution when seeking npm environments and utilize the proper resources to detect and eliminate the web-browserify malware on both Mac and Linux systems.