Installing This Twilio Malware NPM Package Opens a Backdoor on Your Developer Machine

SonaType detected a Malware in NPM registry imitating to be Twilio package that opens a reverse connection to a remote server and allows attacker to access your local machine content. Let us discuss

Since this command is unix specific it won’t work on Windows

https://blog.sonatype.com/twilio-npm-is-brandjacking-malware-in-disguise

Resources

SSH Tunneling https://youtu.be/N8f5zv9UUMI

Ngrok https://www.youtube.com/watch?v=pR2qNnVIuKE