Cybersecurity researchers have discovered a fresh software supply chain attack campaign that has compromised various npm packages associated with the @antv ecosystem as part of the ongoing Mini Shai-Hulud attack wave.
“The attack affects packages tied to the npm maintainer account atool, including echarts-for-react, a widely used React wrapper for Apache ECharts with roughly 1.1 million weekly downloads,” Socket said.
The list of affected packages include @antv packages such as @antv/g2, @antv/g6, @antv/x6, @antv/l7, @antv/s2, @antv/f2, @antv/g, @antv/g2plot, @antv/graphin, and @antv/data-set, as well as related packages outside the @antv namespace, including echarts-for-react, timeago.js, size-sensor, canvas-nest.js, and others.
Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).
➤ Get Mullvad VPN with 12% Discount
The application security company said the tradecraft matches Mini Shai-Hulud, where a compromised maintainer account is leveraged to push out trojanized versions in quick succession.
The development comes as the supply chain attack campaign continues to slither its way through the software supply chain, worming through different open-source registries rapidly and infecting hundreds of software packages by embedding credential-stealing code into popular development tools.
“The potential blast radius is significant because the affected publishing account is connected to widely used packages across data visualization, graphing, mapping, charting, and React component ecosystems,” Socket said. “Even if only a subset of those packages received malicious updates, the popularity of the package ecosystem creates meaningful downstream exposure for organizations that automatically pull new dependency versions.”
According to SafeDep, the attacker is said to have published 631 malicious versions across 314 packages. The stealer payload harvests more than 20 credential types, Amazon Web Services, Google Cloud, Microsoft Azure, GitHub, npm, SSH, Kubernetes, Vault, Stripe, database connection strings, and attempts Docker container escape via the host socket. The stealer is identical to the Mini Shai-Hulud payload used in the SAP compromise.
Shai-Hulud Framework
“The attack uses two execution paths,” SafeDep said. “Each compromised version adds a preinstall hook (bun run index.js). 630 of the 631 malicious versions also inject an optionalDependencies entry [pointing to imposter commits] that delivers a second copy of the payload via the legitimate antvis/G2 GitHub repository.”
“The 22-minute publish burst across 314 packages (631 versions), with an identical obfuscated payload, rules out a gradual or targeted operation. This was automated, rapid exfiltration using a stolen token.”
The self-replicating Mini Shai-Hulud campaign is assessed to be the work of a financially motivated threat actor named TeamPCP. However, as of last week, the activity has entered an aggressive, new phase after TeamPCP released the entire source code for other threat actors to use as part of a supply chain attack contest announced in partnership with BreachForums.
“The open-sourcing of a production offensive framework is not unprecedented, but it’s unusual for an active campaign,” Datadog said. “It lowers the barrier for other actors to adopt TeamPCP’s playbook including the more sophisticated techniques like OIDC token abuse, provenance forgery, and AI tool persistence hooks.”
Since then, an unknown threat actor uploaded four malicious packages, one of which contained a near-verbatim copy of the Shai-Hulud worm with its own command-and-control infrastructure, an indication that the cloned versions of the worm may infest open-source ecosystems.
This copycat wave, in turn, complicates attribution efforts, while the attacks continue to facilitate credential theft and open the door for follow-on exploitation. The incident once again demonstrates how compromising tools that are already trusted inside enterprise networks can be abused as delivery vehicles for malware. What makes the campaign truly dangerous is that one compromise feeds into the next, resulting in an ever-expanding blast radius as more packages are hacked.
“This campaign is built for credential theft at scale,” Trend Micro said in a report last week. “Organizations using GitHub Actions, PyPI, Docker Hub, GHCR [GitHub Container Registry], VS Code extensions, and cloud-connected CI runners are directly exposed to this risk.”
Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.
Some parts of this article are sourced from:
thehackernews.com
INTERPOL Operation Ramz Disrupts MENA Cybercrime Networks with 201 Arrests