Malicious npm package steals source code


Compiled by: Code Guard

Unknown threat actors are attacking developers with malicious npm packages in an attempt to steal source code and configuration files from victim machines.


Checkmarx issued a report stating that "the threat actors behind this activity are related to a malicious activity in 2021. They have been releasing malicious packages since then." Earlier this month, Phylum disclosed that a large number of npm modules were being used to exfiltrate valuable information to a remote server.

By design, these packages execute immediately on installation through post-installation hooks defined in the package.json file. The hook launches preinstall.js, which allows index.js to capture system metadata and harvest source code and confidential information from specific directories.

The attack culminates when the script creates a ZIP archive of the collected data and transfers it to a predefined FTP server. A common feature connecting all the packages is "lexi2" listed as the author in the package.json file, which allowed Checkmarx to trace the origin of the activity back to 2021. While the exact target of the attack is unclear, the use of package names such as binarium-client, binarium-crm, and rocketrefer suggests that it is aimed at the cryptocurrency industry.
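For defenders, the two traits described above (an install-time hook in package.json and a shared author value) can be checked across an installed dependency tree. The following Node.js script is an added example, not code from Checkmarx or from the packages themselves; the function names are hypothetical and the sample manifests are constructed.

```javascript
const fs = require("fs");
const path = require("path");

// Lifecycle scripts npm runs automatically when a package is installed.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];
// Author value the article reports as common to this campaign's packages.
const WATCHED_AUTHORS = new Set(["lexi2"]);

// "author" is either a string ("name <email> (url)") or an object with .name.
function authorName(author) {
  if (!author) return "";
  const raw = typeof author === "string" ? author : String(author.name || "");
  return raw.replace(/<[^>]*>|\([^)]*\)/g, "").trim().toLowerCase();
}

// Audit one parsed package.json: which install hooks it declares, and
// whether its author is on the watch list.
function auditManifest(manifest) {
  const scripts = manifest.scripts || {};
  const hooks = INSTALL_HOOKS
    .filter((h) => typeof scripts[h] === "string" && scripts[h].trim() !== "")
    .map((h) => ({ hook: h, command: scripts[h] }));
  const watchedAuthor = WATCHED_AUTHORS.has(authorName(manifest.author));
  return { name: manifest.name || "(unnamed)", hooks, watchedAuthor };
}

// Walk a node_modules tree (scoped folders and nested node_modules included)
// and return only the packages with an install hook or a watched author.
function auditTree(nodeModules, findings = []) {
  if (!fs.existsSync(nodeModules)) return findings;
  for (const entry of fs.readdirSync(nodeModules, { withFileTypes: true })) {
    if (!entry.isDirectory() || entry.name.startsWith(".")) continue;
    const dir = path.join(nodeModules, entry.name);
    if (entry.name.startsWith("@")) { auditTree(dir, findings); continue; }
    try {
      const text = fs.readFileSync(path.join(dir, "package.json"), "utf8");
      const result = auditManifest(JSON.parse(text));
      if (result.hooks.length || result.watchedAuthor) findings.push(result);
    } catch (err) { /* no readable manifest here: nothing to audit */ }
    auditTree(path.join(dir, "node_modules"), findings);
  }
  return findings;
}

// Constructed sample manifests (not real packages), for an offline run.
const SAMPLES = [
  { name: "sample-hooked", author: "lexi2 <x@example.invalid>",
    scripts: { postinstall: "node preinstall.js" } },
  { name: "sample-clean", author: { name: "someone" }, scripts: { test: "jest" } },
];
console.log(JSON.stringify(SAMPLES.map(auditManifest), null, 2));
```

An install hook alone is not proof of malice, since many legitimate packages use one to build native code; the value of the listing is that each reported command can be reviewed. Installing with `npm install --ignore-scripts` prevents these hooks from running at all.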

Security researcher Yehuda Gelb said, “It’s important to realize that the cryptocurrency industry continues to be a popular target, and we’re not just fighting malicious packages, but also persistent adversaries who spend months or even years planning attacks.”


Original link

https://thehackernews.com/2023/08/malicious-npm-packages-aim-to-target.html


This article was compiled by Qi Anxin and does not represent the views of Qi Anxin. Please indicate "Reprinted from Qianxin Code Guard https://codesafe.qianxin.com" when reprinting.


Origin blog.csdn.net/smellycat000/article/details/132613864