September 30, 2023

Researchers have discovered a supply chain attack that uses packages hosted on the Node Package Manager, the manager for the Node.js JavaScript platform.

The attack involves more than two dozen NPM packages that contain obfuscated JavaScript. The packages are designed to steal from data from individuals using applications or websites where the malicious packages have been deployed.

Advertisements

The full extent of the attacks is unknown, the malicious packages are believed to have likely been used by infinite downstream websites and mobile and desktop applications. One of the malicious packages dubbed IconBurst that has been downloaded more than 17,000 times.

Typo-Squatting attack technique used in the distribution of the malicious NPM packages, where the threat actors disguise the malicious code with names like or with common misspellings of legitimate packages. The attackers impersonate high-traffic NPM models such as umbrellajs and packages published by ionic.io.

Through which they target end-users of software and their data, rather than development organizations. The similarities between the domains used to exfiltrate data suggest that the various modules in this campaign are in the control of a single actor.

Advertisements

The attack marks a significant escalation in software supply attacks and very few development organizations can detect malicious code within open-source libraries and modules and that the attacks persisted for months before being discovered.

Tags:

Leave a Reply

You may have missed

Johnson Controls Ransomware Attack

September 30, 2023

Progress issues Patches for Critical WS_FTP Flaws

September 29, 2023

NIST Releases SP 800-82r3 guide for OT

September 29, 2023

Cisco Semi-annual Security Advisory Summary

September 29, 2023

BlackTech Havoc’s Organizations with Cisco Router Bug

September 29, 2023

Google fixes fifth Zeroday bug in Chrome

September 28, 2023
%d bloggers like this: