Malicious Node install script on Google search
Sometimes I have to install Node on my machine for work, or a personal project. This occurs rarely, so I keep forgetting how to do it. So I did what I usually do, and Googled how to install nvm. To my surprise there’s a sponsored result, which immediately triggers a red flag: This link leads to a repo in Github. It has the following readme - I’ve omitted the domain and path: If we look at the script in question: It prompts for your pass, stores it in a file and downloads a binary. It then executes that binary and your system is compromised. This attack seems to target quite a few google keywords, as I’ve tried other queries related to installing Node and quite a few of them show the sponsored malware. I’ve reported the repository and the ad as malicious and hopefully Github/Google will take it down. Nevertheless - it serves as a reminder that it’s as important as ever to stay vigilant and never execute arbitrary scripts on your machines. Stay safe!
Security
Node.js