Popular NPM package hijacked to release crypto-mining malware


The U.S. Agency for Cyber ​​Security and Infrastructure Security on Friday warned of crypto-mining malware embedded in “UAParser.js,” a popular NPM JavaScript library with more than 6 million weekly downloads, a few days after the NPM repository was moved to remove three malicious packages that were found to mimic the same library.

Automatic GitHub backups

The supply chain attack targeting the open source library saw three different versions – 0.7.29, 0.8.0, 1.0.0 – which were released with malicious code on Thursday following a takeover successful completion of the manager’s NPM account.

“I think someone hacked into my NPM account and released compromised packages (0.7.29, 0.8.0, 1.0.0) that will likely install malware,” said Faisal Salman, developer of UAParser.js . The problem has been corrected in versions 0.7.30, 0.8.1 and 1.0.1.

The development comes days after DevSecOps Sonatype company leaked details of three packages – okhsa, klow, and klown – which masqueraded as the user agent string analyzer utility in an attempt to exploit cryptocurrency in Windows, macOS, and Linux systems. It is not immediately clear whether the same actor is behind the latest compromise.

“Any computer on which this package is installed or running should be considered fully compromised. All secrets and keys stored on this computer should be immediately transferred from another computer,” GitHub noted in an alert. independent. “The package must be removed, but since full control of the computer may have been given to an outside entity, there can be no assurance that removing the package will remove all malware resulting from its installation.”

Source link

Leave A Reply

Your email address will not be published.