10 May, 2026

Fake WhatsApp developer libraries hide destructive data-wiping code

Two malicious NPM packages posing as WhatsApp development tools have been discovered deploying destructive data-wiping code that recursively deletes files on a developer’s computer. Two malicious NPM packages currently available in the registry target WhatsApp developers with destructive data-wiping code. The packages, discovered by researchers at Socket, masquerade as WhatsApp socket libraries and were downloaded over 1,100 […]

3 mins read

Amazon AI coding agent hacked to inject data wiping commands

A hacker planted data-wiping code in a version of Amazon’s generative AI-powered assistant, the Q Developer Extension for Visual Studio Code. Amazon Q is a free extension that uses generative AI to help developers code, debug, create documentation, and set up custom configurations. It is available on Microsoft’s Visual Studio Code (VSC) marketplace, where it counts nearly one […]

3 mins read

Hacker sneaks infostealer malware into early access Steam game

A threat actor called EncryptHub has compromised a game on Steam to distribute info-stealing malware to unsuspecting users downloading the title. A few days ago, the hacker (also tracked as Larva-208) injected malicious binaries into the Chemia game files hosted on Steam. Chemia is a survival crafting game from developer ‘Aether Forge Studios,’ which is […]

3 mins read

Hackers breach Toptal GitHub account, publish malicious npm packages

Hackers compromised Toptal’s GitHub organization account and used their access to publish ten malicious packages on the Node Package Manager (NPM) index. The packages included data-stealing code that collected GitHub authentication tokens and then wiped the victims’ systems. Toptal is a freelance talent marketplace that connects companies with software developers, designers, and finance experts. The company also […]

2 mins read

NPM package ‘is’ with 2.8M weekly downloads infected devs with malware

The popular NPM package ‘is’ has been compromised in a supply chain attack that injected backdoor malware, giving attackers full access to compromised devices. This occurred after maintainer accounts were hijacked via phishing, followed by unauthorized owner changes that went unnoticed for several hours, potentially compromising many developers who downloaded the new releases. The ‘is’ […]

2 mins read

Popular npm linter packages hijacked via phishing to drop malware

Popular JavaScript libraries were hijacked this week and turned into malware droppers, in a supply chain attack achieved via targeted phishing and credential theft. The npm package eslint-config-prettier, downloaded over 30 million times weekly, was compromised after its maintainer fell victim to a phishing attack. Other packages, namely eslint-plugin-prettier, synckit, @pkgr/core, and napi-postinstall from the same maintainer, were also targeted. The attacker(s) used stolen […]

4 mins read

North Korean XORIndex malware hidden in 67 malicious npm packages

North Korean threat actors planted 67 malicious packages in the Node Package Manager (npm) online repository to deliver a new malware loader called XORIndex to developer systems. The packages collectively count more than 17,000 downloads and were discovered by researchers at package security platform Socket, who assess them to be part of the continued Contagious Interview operation. Socket researchers […]

3 mins read

WordPress Gravity Forms developer hacked to push backdoored plugins

The popular WordPress plugin Gravity Forms has been compromised in what seems to be a supply-chain attack where manual installers from the official website were infected with a backdoor. Gravity Forms is a premium plugin for creating contact, payment, and other online forms. Based on statistical data from the vendor, the product is installed on around one […]

3 mins read

CoinMarketCap briefly hacked to drain crypto wallets via fake Web3 popup

CoinMarketCap, the popular cryptocurrency price tracking site, suffered a website supply chain attack that exposed site visitors to a wallet drainer campaign to steal visitors’ crypto. On Friday evening, January 20, CoinMarketCap visitors began seeing Web3 popups asking them to connect their wallets to the site. However, when visitors connected their wallets, a malicious script drained cryptocurrency from […]

3 mins read

SentinelOne shares new details on China-linked breach attempt

SentinelOne has shared more details on an attempted supply chain attack by Chinese hackers through an IT services and logistics firm that manages hardware logistics for the cybersecurity firm. SentinelOne is an American endpoint protection (EDR/XDR) solutions provider that protects critical infrastructure in the country and numerous large enterprises. It is a high-value target for […]

3 mins read