The campaign leveraged malicious npm modules in order to harvest sensitive data from forms that were embedded in various mobile applications and websites.
This attack marks a significant escalation in software supply chain attacks.
The npm modules identified as part of the campaign have been collectively downloaded more than 27,000 times, said researchers.
Some of the most down load malicious modules are outlined under –
- icon-package deal (17,774)
- ionicio (3,724)
- ajax-libs (2,440)
- footericon (1,903)
- umbrellaks (686)
- ajax-library (530)
- pack-icons (468)
- icons-package (380)
- swiper-bundle (185), and
- icons-deals (170)
Finally the malware authors behind the campaign additional switched up their tactics in the latest months to assemble information from each form element on the web page, indicating an intense technique to information harvesting.