Comment on page
Spawning child processes
Lstn detects child processes by monitoring process activity on the system where it's installed and running. When a new process is created and spawned by a parent process, lstn collects information about both the parent process and the newly spawned process. This information includes the command line used to start the process and the name of the parent process. The collected information is then used to generate a message indicating that a new process has been spawned by the parent process, in this case "npm install spawned a process".
During npm install, malicious child processes can be spawned to carry out activities such as:
- crypto mining
- sensitive data exfiltration
- insertion of malicious payloads
Last modified 8mo ago