Researchers have uncovered a software supply-chain attack involving packages hosted on the Node Package Manager (npm), which is the package manager for the Node.js JavaScript platform.
The campaign leveraged malicious npm modules in order to harvest sensitive data from forms that were embedded in various mobile applications and websites.
NPM Module
This attack marks a significant escalation in software supply chain attacks.
Malicious code within NPM module is running within an unknown number of mobile, desktop and web pages harvesting N number of users data. Researchers first uncovered the malicious npm packages after detecting that they were using an obfuscation and encoding tool that is aimed at protecting the code of JavaScript applications from being stolen or reverse engineered.
The npm modules identified as part of the campaign have been collectively downloaded more than 27,000 times, said researchers.
Some of the most down load malicious modules are outlined under –
- icon-package deal (17,774)
- ionicio (3,724)
- ajax-libs (2,440)
- footericon (1,903)
- umbrellaks (686)
- ajax-library (530)
- pack-icons (468)
- icons-package (380)
- swiper-bundle (185), and
- icons-deals (170)
Finally the malware authors behind the campaign additional switched up their tactics in the latest months to assemble information from each form element on the web page, indicating an intense technique to information harvesting.
File Hash
- 8ab228743d3fef5c89aa55c7d3a714361249eba8
- f0221e1707075e2976010d279494bb73f0b169c7
Follow us for more, Facebook, Twitter, LinkedIn and Instagram
Leave A Comment