• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
over 3 dozen data stealing malicious npm packages found targeting developers

Over 3 Dozen Data-Stealing Malicious npm Packages Found Targeting Developers

You are here: Home / General Cyber Security News / Over 3 Dozen Data-Stealing Malicious npm Packages Found Targeting Developers
October 3, 2023

Approximately 3 dozen counterfeit deals have been learned in the npm package repository that are developed to exfiltrate delicate info from developer devices, in accordance to results from Fortinet FortiGuard Labs.

A single established of packages – named @expue/webpack, @expue/main, @expue/vue3-renderer, @fixedwidthtable/fixedwidthtable, and @virtualsearchtable/virtualsearchtable – harbored an obfuscated JavaScript file that is capable of gathering worthwhile tricks.

This consists of Kubernetes configurations, SSH keys, and method metadata these types of as username, IP deal with, and hostname.

✔ Approved From Our Partners
AOMEI Backupper Lifetime

Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.

Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


Cybersecurity

The cybersecurity agency explained it also found another assortment of four modules, i.e., binarium-crm, occupation-support-consumer-.1.6, hh-dep-checking, and orbitplate, which benefits in the unauthorized extraction of source code and configuration files.

“The focused data files and directories may possibly include really beneficial intellectual property and delicate information, these as a variety of software and services qualifications,” security researchers Jin Lee and Jenna Wang reported. “It then archives these files and directories and uploads the ensuing archives to an FTP server.”

Some of the deals noticed have also been observed leveraging a Discord webhook to exfiltrate delicate facts, although a couple others are engineered to instantly obtain and execute a potentially malicious executable file from a URL.

In what is a novel twist, a rogue package deal named @cima/prism-utils relied on an set up script to disable TLS certification validation (NODE_TLS_REJECT_UNAUTHORIZED=), possibly rendering connections susceptible to adversary-in-the-middle (AitM) attacks.

Cybersecurity

The cybersecurity enterprise said it classified the recognized modules into 9 distinctive teams based mostly on code similarities and functions, with a vast majority of them using install scripts that operate pre or put up-put in to have out the data harvesting.

“End customers must watch for deals that hire suspicious put in scripts and training caution,” the scientists reported.

Discovered this short article appealing? Follow us on Twitter  and LinkedIn to read additional exceptional information we article.


Some pieces of this short article are sourced from:
thehackernews.com

Previous Post: «api security trends 2023 – have organizations improved their security API Security Trends 2023 – Have Organizations Improved their Security Posture?
Next Post: Warning: PyTorch Models Vulnerable to Remote Code Execution via ShellTorch warning: pytorch models vulnerable to remote code execution via shelltorch»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • Over 269,000 Websites Infected with JSFireTruck JavaScript Malware in One Month
  • Ransomware Gangs Exploit Unpatched SimpleHelp Flaws to Target Victims with Double Extortion
  • CTEM is the New SOC: Shifting from Monitoring Alerts to Measuring Risk
  • Apple Zero-Click Flaw in Messages Exploited to Spy on Journalists Using Paragon Spyware
  • WordPress Sites Turned Weapon: How VexTrio and Affiliates Run a Global Scam Network
  • New TokenBreak Attack Bypasses AI Moderation with Single-Character Text Changes
  • AI Agents Run on Secret Accounts — Learn How to Secure Them in This Webinar
  • Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Interaction
  • Non-Human Identities: How to Address the Expanding Security Risk
  • ConnectWise to Rotate ScreenConnect Code Signing Certificates Due to Security Risks

Copyright © TheCyberSecurity.News, All Rights Reserved.