Supply Chain Attack Deploys Hundreds of Malicious NPM Modules to Steal Data

Published : 23/11/2024   Category : security




A widespread campaign uses more than 24 malicious NPM packages loaded with JavaScript obfuscators to steal form data from multiple sites and apps, analysts report.



A routine scan of the NPM open source code repository in April turned up several packages using a JavaScript obfuscator to hide their true function. 
After further investigation, analysts with ReversingLabs reported they have uncovered a campaign dating back at least six months that used more than two dozen malicious NPM modules to steal data from sites and applications. Altogether, the team found that 27,000 instances of the malicious NPM packages had been downloaded.
"While the full extent of this attack isn’t yet known, the malicious packages we discovered are likely used by hundreds, if not thousands, of downstream mobile and desktop applications as well as websites," the ReversingLabs researchers explained in a blog post. In one case, a malicious package had been downloaded more than 17,000 times.
The attack relies on so-called typo-squatting, where threat actors disguise malicious code packages with names very close to legitimate ones, including subtle naming variations and common misspellings, the researchers said.
For instance, one of the malicious packages lurking in the NPM repository is named umbrellaks, an attempt to hijack developers looking for the popular document object model (DOM) framework umbrellajs, the ReversingLabs team added. 
What makes this supply chain attack reminiscent of the SolarWinds attack, the analysts pointed out, is the fact that the target isn't the developer inadvertently using the malicious code but, rather, the target site or application further down the software supply chain.
This attack marks a significant escalation in software supply-chain attacks, according to the ReversingLabs malicious NPM report. Malicious code bundled within the NPM modules is running within an unknown number of mobile and desktop applications and web pages, harvesting untold amounts of user data.
Most of the malicious open source modules are still available, despite the analysts reporting their findings to NPM on July 1, they added. The report contains a list of affected packages.
