{"id":2305,"date":"2026-04-05T06:06:22","date_gmt":"2026-04-05T06:06:22","guid":{"rendered":"https:\/\/blog.ibvl.in\/index.php\/2026\/04\/05\/36-malicious-npm-packages-exploited-redis-postgresql-to-deploy-persistent-implants\/"},"modified":"2026-04-05T06:06:22","modified_gmt":"2026-04-05T06:06:22","slug":"36-malicious-npm-packages-exploited-redis-postgresql-to-deploy-persistent-implants","status":"publish","type":"post","link":"https:\/\/blog.ibvl.in\/index.php\/2026\/04\/05\/36-malicious-npm-packages-exploited-redis-postgresql-to-deploy-persistent-implants\/","title":{"rendered":"36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants"},"content":{"rendered":"<div>Cybersecurity researchers have discovered 36 malicious packages in the npm registry that are disguised as Strapi CMS plugins but come with different payloads to facilitate Redis and PostgreSQL exploitation, deploy reverse shells, harvest credentials, and drop a persistent\u00a0implant.<br \/>\n&#8220;Every package contains three files (package.json, index.js, postinstall.js), has no description, repository,<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Cybersecurity researchers have discovered 36 malicious packages in the npm registry that are disguised as Strapi CMS plugins but come with different payloads to facilitate Redis and PostgreSQL exploitation, deploy reverse shells, harvest credentials, and drop a persistent\u00a0implant. &#8220;Every package contains three files (package.json, index.js, postinstall.js), has no description, repository,<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"site-container-style":"default","site-container-layout":"default","site-sidebar-layout":"default","disable-article-header":"default","disable-site-header":"default","disable-site-footer":"default","disable-content-area-spacing":"default","footnotes":""},"categories":[90],"tags":[91],"class_list":["post-2305","post","type-post","status-publish","format-standard","hentry","category-cybersecurity","tag-cybersecurity"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.7 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants - Imperative Business Ventures Limited<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/blog.ibvl.in\/index.php\/2026\/04\/05\/36-malicious-npm-packages-exploited-redis-postgresql-to-deploy-persistent-implants\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants - Imperative Business Ventures Limited\" \/>\n<meta property=\"og:description\" content=\"Cybersecurity researchers have discovered 36 malicious packages in the npm registry that are disguised as Strapi CMS plugins but come with different payloads to facilitate Redis and PostgreSQL exploitation, deploy reverse shells, harvest credentials, and drop a persistent\u00a0implant. &#8220;Every package contains three files (package.json, index.js, postinstall.js), has no description, repository,\" \/>\n<meta property=\"og:url\" content=\"https:\/\/blog.ibvl.in\/index.php\/2026\/04\/05\/36-malicious-npm-packages-exploited-redis-postgresql-to-deploy-persistent-implants\/\" \/>\n<meta property=\"og:site_name\" content=\"Imperative Business Ventures Limited\" \/>\n<meta property=\"article:published_time\" content=\"2026-04-05T06:06:22+00:00\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/04\/05\/36-malicious-npm-packages-exploited-redis-postgresql-to-deploy-persistent-implants\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/04\/05\/36-malicious-npm-packages-exploited-redis-postgresql-to-deploy-persistent-implants\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\/\/blog.ibvl.in\/#\/schema\/person\/55b87b72a56b1bbe9295fe5ef7a20b02\"},\"headline\":\"36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants\",\"datePublished\":\"2026-04-05T06:06:22+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/04\/05\/36-malicious-npm-packages-exploited-redis-postgresql-to-deploy-persistent-implants\/\"},\"wordCount\":63,\"keywords\":[\"Cybersecurity\"],\"articleSection\":[\"Cybersecurity\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/04\/05\/36-malicious-npm-packages-exploited-redis-postgresql-to-deploy-persistent-implants\/\",\"url\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/04\/05\/36-malicious-npm-packages-exploited-redis-postgresql-to-deploy-persistent-implants\/\",\"name\":\"36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants - Imperative Business Ventures Limited\",\"isPartOf\":{\"@id\":\"https:\/\/blog.ibvl.in\/#website\"},\"datePublished\":\"2026-04-05T06:06:22+00:00\",\"author\":{\"@id\":\"https:\/\/blog.ibvl.in\/#\/schema\/person\/55b87b72a56b1bbe9295fe5ef7a20b02\"},\"breadcrumb\":{\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/04\/05\/36-malicious-npm-packages-exploited-redis-postgresql-to-deploy-persistent-implants\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/blog.ibvl.in\/index.php\/2026\/04\/05\/36-malicious-npm-packages-exploited-redis-postgresql-to-deploy-persistent-implants\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/04\/05\/36-malicious-npm-packages-exploited-redis-postgresql-to-deploy-persistent-implants\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/blog.ibvl.in\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/blog.ibvl.in\/#website\",\"url\":\"https:\/\/blog.ibvl.in\/\",\"name\":\"Imperative Business Ventures Limited\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/blog.ibvl.in\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/blog.ibvl.in\/#\/schema\/person\/55b87b72a56b1bbe9295fe5ef7a20b02\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blog.ibvl.in\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/4d20b2cd313e4417a599678e950e6fb7d4dfa178a72f2b769335a08aaa615aa9?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/4d20b2cd313e4417a599678e950e6fb7d4dfa178a72f2b769335a08aaa615aa9?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"https:\/\/blog.ibvl.in\"],\"url\":\"https:\/\/blog.ibvl.in\/index.php\/author\/admin_hcbs9yw6\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants - Imperative Business Ventures Limited","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/blog.ibvl.in\/index.php\/2026\/04\/05\/36-malicious-npm-packages-exploited-redis-postgresql-to-deploy-persistent-implants\/","og_locale":"en_US","og_type":"article","og_title":"36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants - Imperative Business Ventures Limited","og_description":"Cybersecurity researchers have discovered 36 malicious packages in the npm registry that are disguised as Strapi CMS plugins but come with different payloads to facilitate Redis and PostgreSQL exploitation, deploy reverse shells, harvest credentials, and drop a persistent\u00a0implant. &#8220;Every package contains three files (package.json, index.js, postinstall.js), has no description, repository,","og_url":"https:\/\/blog.ibvl.in\/index.php\/2026\/04\/05\/36-malicious-npm-packages-exploited-redis-postgresql-to-deploy-persistent-implants\/","og_site_name":"Imperative Business Ventures Limited","article_published_time":"2026-04-05T06:06:22+00:00","author":"admin","twitter_card":"summary_large_image","twitter_misc":{"Written by":"admin"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/04\/05\/36-malicious-npm-packages-exploited-redis-postgresql-to-deploy-persistent-implants\/#article","isPartOf":{"@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/04\/05\/36-malicious-npm-packages-exploited-redis-postgresql-to-deploy-persistent-implants\/"},"author":{"name":"admin","@id":"https:\/\/blog.ibvl.in\/#\/schema\/person\/55b87b72a56b1bbe9295fe5ef7a20b02"},"headline":"36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants","datePublished":"2026-04-05T06:06:22+00:00","mainEntityOfPage":{"@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/04\/05\/36-malicious-npm-packages-exploited-redis-postgresql-to-deploy-persistent-implants\/"},"wordCount":63,"keywords":["Cybersecurity"],"articleSection":["Cybersecurity"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/04\/05\/36-malicious-npm-packages-exploited-redis-postgresql-to-deploy-persistent-implants\/","url":"https:\/\/blog.ibvl.in\/index.php\/2026\/04\/05\/36-malicious-npm-packages-exploited-redis-postgresql-to-deploy-persistent-implants\/","name":"36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants - Imperative Business Ventures Limited","isPartOf":{"@id":"https:\/\/blog.ibvl.in\/#website"},"datePublished":"2026-04-05T06:06:22+00:00","author":{"@id":"https:\/\/blog.ibvl.in\/#\/schema\/person\/55b87b72a56b1bbe9295fe5ef7a20b02"},"breadcrumb":{"@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/04\/05\/36-malicious-npm-packages-exploited-redis-postgresql-to-deploy-persistent-implants\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/blog.ibvl.in\/index.php\/2026\/04\/05\/36-malicious-npm-packages-exploited-redis-postgresql-to-deploy-persistent-implants\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/04\/05\/36-malicious-npm-packages-exploited-redis-postgresql-to-deploy-persistent-implants\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/blog.ibvl.in\/"},{"@type":"ListItem","position":2,"name":"36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants"}]},{"@type":"WebSite","@id":"https:\/\/blog.ibvl.in\/#website","url":"https:\/\/blog.ibvl.in\/","name":"Imperative Business Ventures Limited","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/blog.ibvl.in\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/blog.ibvl.in\/#\/schema\/person\/55b87b72a56b1bbe9295fe5ef7a20b02","name":"admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.ibvl.in\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/4d20b2cd313e4417a599678e950e6fb7d4dfa178a72f2b769335a08aaa615aa9?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/4d20b2cd313e4417a599678e950e6fb7d4dfa178a72f2b769335a08aaa615aa9?s=96&d=mm&r=g","caption":"admin"},"sameAs":["https:\/\/blog.ibvl.in"],"url":"https:\/\/blog.ibvl.in\/index.php\/author\/admin_hcbs9yw6\/"}]}},"_links":{"self":[{"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/posts\/2305","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/comments?post=2305"}],"version-history":[{"count":0,"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/posts\/2305\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/media?parent=2305"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/categories?post=2305"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/tags?post=2305"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}