Malicious child processes
Coming soon
Lstn detects child processes by monitoring process activity on the system where it's installed and running. When a new process is created and spawned by a parent process, lstn collects information about both the parent process and the newly spawned process. This information includes the command line used to start the process and the name of the parent process. The collected information is then used to generate a message indicating that a new process has been spawned by the parent process, in this case "npm install spawned a process".
For example:
During build time, malicious child processes can be spawned to carry out activities such as:
crypto mining
reverse shells
insertion of malicious payloads
Last updated