npm
Hackers hijack npm packages with 2 billion weekly downloads in supply chain attack
In a supply chain attack, attackers injected malware into NPM packages with over 2.6 billion weekly downloads after compromising a maintainer’s account in a phishing attack. Josh Junon (qix), the package maintainer whose accounts were hijacked in this supply-chain attack, confirmed the incident earlier today, stating that he was aware of the compromise and adding that the phishing email […]
AI-powered malware hit 2,180 GitHub accounts in “s1ngularity” attack
Investigations into the Nx “s1ngularity” NPM supply chain attack have unveiled a massive fallout, with thousands of account tokens and repository secrets leaked. According to a post-incident evaluation by Wiz researchers, the Nx compromise has resulted in the exposure of 2,180 accounts and 7,200 repositories across three distinct phases. Wiz also stressed that the incident’s scope […]
Fake WhatsApp developer libraries hide destructive data-wiping code
Two malicious NPM packages posing as WhatsApp development tools have been discovered deploying destructive data-wiping code that recursively deletes files on a developer’s computers. Two malicious NPM packages currently available in the registry target WhatsApp developers with destructive data-wiping code. The packages, discovered by researchers at Socket, masquerade as WhatsApp socket libraries and were downloaded over 1,100 […]
Hackers breach Toptal GitHub account, publish malicious npm packages
Hackers compromised Toptal’s GitHub organization account and used their access to publish ten malicious packages on the Node Package Manager (NPM) index. The packages included data-stealing code that collected GitHub authentication tokens and then wiped the victims’ systems. Toptal is a freelance talent marketplace that connects companies with software developers, designers, and finance experts. The company also […]
NPM package ‘is’ with 2.8M weekly downloads infected devs with malware
The popular NPM package ‘is’ has been compromised in a supply chain attack that injected backdoor malware, giving attackers full access to compromised devices. This occurred after maintainer accounts were hijacked via phishing, followed by unauthorized owner changes that went unnoticed for several hours, potentially compromising many developers who downloaded the new releases. The ‘is’ […]
npm ‘accidentally’ removes Stylus package, breaks builds and pipelines
npm has taken down all versions of the real Stylus library and replaced them with a “security holding” page, breaking pipelines and builds worldwide that rely on the package. A security placeholder webpage is typically displayed when malicious packages and libraries are removed by the admins of npmjs.com, the world’s largest software registry primarily used for JavaScript and Node.js development. But that […]
Popular npm linter packages hijacked via phishing to drop malware
Popular JavaScript libraries were hijacked this week and turned into malware droppers, in a supply chain attack achieved via targeted phishing and credential theft. The npm package eslint-config-prettier, downloaded over 30 million times weekly, was compromised after its maintainer fell victim to a phishing attack. Other packages, namely eslint-plugin-prettier, synckit, @pkgr/core, and napi-postinstall from the same maintainer, were also targeted. The attacker(s) used stolen […]
North Korean XORIndex malware hidden in 67 malicious npm packages
North Korean threat actors planted 67 malicious packages in the Node Package Manager (npm) online repository to deliver a new malware loader called XORIndex to developer systems. The packages collectively count more than 17,000 downloads and were discovered by researchers at package security platform Socket, who assess them to be part of the continued Contagious Interview operation. Socket researchers […]
New wave of ‘fake interviews’ use 35 npm packages to spread malware
A new wave of North Korea’s ‘Contagious Interview’ campaign is targeting job seekers with malicious npm packages that infect dev’s devices with infostealers and backdoors. The packages were discovered by Socket Threat Research, which reports they load the BeaverTail info-stealer and InvisibleFerret backdoor on victims’ machines, two well-documented payloads associated with DPRK actors. The latest attack wave uses […]
Supply chain attack hits Gluestack NPM packages with 960K weekly downloads
A significant supply chain attack hit NPM after 16 popular Gluestack ‘react-native-aria’ packages with over 950,000 weekly downloads were compromised to include malicious code that acts as a remote access trojan (RAT). GeekFeed determined that the compromise began on June 6 at 4:33 PM EST, when a new version of the react-native-aria/focus package was published to NPM. Since […]