• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
over 200 malicious npm packages caught targeting azure developers

Over 200 Malicious NPM Packages Caught Targeting Azure Developers

You are here: Home / General Cyber Security News / Over 200 Malicious NPM Packages Caught Targeting Azure Developers
March 24, 2022

A new massive scale provide chain attack has been observed focusing on Azure builders with no considerably less than 218 malicious NPM deals with the purpose of stealing own identifiable information and facts.

“Right after manually inspecting some of these deals, it grew to become apparent that this was a focused attack from the total @azure NPM scope, by an attacker that utilized an automatic script to make accounts and upload malicious packages that protect the entirety of that scope,” JFrog researchers Andrey Polkovnychenko and Shachar Menashe claimed in a new report.

The entire established of destructive packages was disclosed to the NPM maintainers about two times following they have been printed, primary to their quick elimination, but not just before every of the packages have been downloaded close to 50 instances on common.

✔ Approved From Our Partners
AOMEI Backupper Lifetime

Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.

Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


Automatic GitHub Backups

The attack refers to what’s named typosquatting, which can take place when negative actors thrust rogue packages with names mimicking respectable libraries to a community software registry these as NPM or PyPI with the hope of tricking consumers into setting up them.

In this specific case noticed by the DevSecOps company, the adversary is claimed to have established dozens of malicious counterparts with the very same name as their existing @azure scope offers but devoid of the scope identify (e.g., @azure/main-tracing vs. main-tracing).

“The attacker is relying on the truth that some builders may erroneously omit the @azure prefix when installing a bundle,” the researchers reported. “For case in point, operating npm install main-tracing by slip-up, in its place of the accurate command – npm install @azure/main-tracing.”

Not only did the attack leverage a distinctive username to upload each and every one package deal to the repository to prevent boosting suspicion, the malware-laced libraries also showcased high version numbers (e.g., 99.10.9), indicating an try to carry out a dependency confusion attack.

Prevent Data Breaches

Really should a developer unwittingly install one of these deals, it leads to the execution of a reconnaissance payload that is intended to list directories as properly as collect info about the user’s current doing work directory and IP addresses associated to network interfaces and DNS servers, all of which is exfiltrated to a hardcoded remote server.

“Thanks to the meteoric rise of supply chain attacks, specially via the NPM and PyPI package deal repositories, it appears to be that far more scrutiny and mitigations really should be added,” the scientists mentioned.

“For instance, introducing a CAPTCHA mechanism on npm user development would not allow for attackers to simply build an arbitrary amount of users from which destructive deals could be uploaded, building attack identification less complicated.”

Observed this write-up exciting? Adhere to THN on Fb, Twitter  and LinkedIn to browse much more exceptional material we article.


Some areas of this post are sourced from:
thehackernews.com

Previous Post: «vmware issues patches for critical flaws affecting carbon black app VMware Issues Patches for Critical Flaws Affecting Carbon Black App Control
Next Post: IBM launches multi-cloud key management service ibm launches multi cloud key management service»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • Over 269,000 Websites Infected with JSFireTruck JavaScript Malware in One Month
  • Ransomware Gangs Exploit Unpatched SimpleHelp Flaws to Target Victims with Double Extortion
  • CTEM is the New SOC: Shifting from Monitoring Alerts to Measuring Risk
  • Apple Zero-Click Flaw in Messages Exploited to Spy on Journalists Using Paragon Spyware
  • WordPress Sites Turned Weapon: How VexTrio and Affiliates Run a Global Scam Network
  • New TokenBreak Attack Bypasses AI Moderation with Single-Character Text Changes
  • AI Agents Run on Secret Accounts — Learn How to Secure Them in This Webinar
  • Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Interaction
  • Non-Human Identities: How to Address the Expanding Security Risk
  • ConnectWise to Rotate ScreenConnect Code Signing Certificates Due to Security Risks

Copyright © TheCyberSecurity.News, All Rights Reserved.