Cybersecurity researchers have uncovered 36 malicious packages in the npm registry that masquerade as legitimate Strapi CMS plugins. These packages contain different payloads designed to exploit Redis and PostgreSQL databases, deploy reverse shells, harvest credentials, and install persistent implants on compromised systems.

The malicious packages share a common structure, each containing three files: package.json, index.js, and postinstall.js. Notably, these packages lack basic metadata such as descriptions and repository information, which should serve as red flags for developers during the installation process.
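
The indicators described above can be checked against an installed dependency tree. The following Node.js script is an added example, not code from the researchers or from npm: the function names, the three-indicator threshold, and the sample package names are constructed for illustration, and the install-hook check assumes postinstall.js is wired to an npm lifecycle script, which the article does not state. It inspects only the top level of node_modules (including @scoped packages), not nested dependency folders.

```javascript
const fs = require('node:fs'), os = require('node:os'), path = require('node:path');

const LAYOUT = ['index.js', 'package.json', 'postinstall.js'];
const HOOKS = ['preinstall', 'install', 'postinstall'];

// Indicators from the article, plus one assumption: postinstall.js is wired
// to an npm lifecycle script (the article does not say how it is run).
function auditPackage(dir) {
  const manifest = JSON.parse(fs.readFileSync(path.join(dir, 'package.json'), 'utf8'));
  const files = fs.readdirSync(dir).filter((f) => f !== 'node_modules').sort();
  const flags = [];
  if (HOOKS.some((h) => manifest.scripts?.[h])) flags.push('install-hook');
  if (!manifest.description) flags.push('no-description');
  if (!manifest.repository) flags.push('no-repository');
  if (files.join() === LAYOUT.join()) flags.push('three-file-layout');
  return flags;
}

// Top-level and @scoped package directories that contain a package.json.
function listPackageDirs(nodeModules) {
  if (!fs.existsSync(nodeModules)) return [];
  return fs.readdirSync(nodeModules, { withFileTypes: true })
    .filter((e) => e.isDirectory() && !e.name.startsWith('.'))
    .map((e) => path.join(nodeModules, e.name))
    .flatMap((d) => (path.basename(d).startsWith('@') ? listPackageDirs(d) : [d]))
    .filter((d) => fs.existsSync(path.join(d, 'package.json')));
}

// Report installed packages that match at least minFlags indicators.
function scan(projectRoot, minFlags = 3) {
  return listPackageDirs(path.join(projectRoot, 'node_modules'))
    .map((dir) => ({ dir, flags: auditPackage(dir) }))
    .filter((r) => r.flags.length >= minFlags);
}

// Constructed sample tree: one package with the described shape, one ordinary.
function buildDemoProject() {
  const nm = path.join(fs.mkdtempSync(path.join(os.tmpdir(), 'audit-')), 'node_modules');
  const put = (pkg, file, body) => {
    fs.mkdirSync(path.join(nm, pkg), { recursive: true });
    fs.writeFileSync(path.join(nm, pkg, file), body);
  };
  put('strapi-plugin-constructed', 'package.json', '{"scripts":{"postinstall":"node postinstall.js"}}');
  put('strapi-plugin-constructed', 'index.js', '');
  put('strapi-plugin-constructed', 'postinstall.js', '// inert placeholder\n');
  put('ordinary-lib', 'package.json', '{"description":"demo","repository":"github:example/ordinary-lib"}');
  return path.dirname(nm);
}

console.log(scan(buildDemoProject()));
```

A match is a prompt for manual review of the package before its install scripts run again, since small legitimate packages can also omit metadata. Pointing `scan` at a real project root instead of the constructed tree audits that project's installed dependencies.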