The Cyber Security News

Researchers Hijack Popular NPM Package with Millions of Downloads

February 16, 2023

A popular npm package with more than 3.5 million weekly downloads has been found vulnerable to an account takeover attack.

“The package can be taken over by recovering an expired domain name for one of its maintainers and resetting the password,” software supply chain security company Illustria said in a report.

While npm’s security protections limit users to only one active email address per account, the Israeli firm said it was able to reset the GitHub password using the recovered domain.


The attack, in a nutshell, grants a threat actor access to the package’s associated GitHub account, effectively making it possible to publish trojanized versions to the npm registry that can be weaponized to conduct supply chain attacks at scale.

This is achieved by taking advantage of a GitHub Action that is configured in the repository to automatically publish the package when new code changes are pushed.

“Even though the maintainer’s npm user account is correctly configured with [two-factor authentication], this automation token bypasses it,” Bogdan Kortnov, co-founder and CTO of Illustria, said.


Illustria did not disclose the name of the module, but noted that it reached out to its maintainer, who has since taken steps to secure the account.

This is not the first time developer accounts have been found vulnerable to takeovers in recent years. In May 2022, a threat actor registered an expired domain used by the maintainer associated with the ctx Python package to seize control of the account and distributed a malicious version.
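As an added defensive check (example code written for this article, not Illustria's tooling): given an npm registry document for a package, list the maintainer e-mail domains that no longer resolve in DNS, which is the condition that lets someone re-register the domain and receive password-reset mail. The package name, maintainer names and domains below are constructed placeholders.

```python
"""Audit the e-mail domains of an npm package's maintainers for the lapsed-domain
condition behind the takeover described above. Added example, not Illustria's code."""
import json
import socket
from typing import Callable, Dict, List

# Constructed sample of a registry document (shape of https://registry.npmjs.org/<name>),
# trimmed to the fields this check needs. Package, names and domains are made up.
SAMPLE_REGISTRY_DOC = json.dumps({
    "name": "example-widget",
    "maintainers": [
        {"name": "alice", "email": "alice@example.com"},
        {"name": "bob", "email": "bob@lapsed-domain-placeholder.test"},
    ],
})


def domain_resolves(domain: str) -> bool:
    """Coarse liveness check: does the domain have any DNS answer at all?
    An expired domain usually stops resolving, but a parked or re-registered one
    still resolves, so treat False as a strong signal and True as inconclusive
    (a WHOIS/RDAP expiry lookup is the stronger follow-up)."""
    try:
        socket.getaddrinfo(domain, None)
        return True
    except socket.gaierror:
        return False


def audit_maintainer_domains(
    registry_doc: str, resolver: Callable[[str], bool] = domain_resolves
) -> Dict[str, List[str]]:
    """Return {'dead': [...], 'alive': [...]} maintainer e-mail domains, deduplicated.
    `resolver` is injectable so the check can run offline or against a WHOIS client."""
    doc = json.loads(registry_doc)
    result: Dict[str, List[str]] = {"dead": [], "alive": []}
    for maintainer in doc.get("maintainers", []):
        email = maintainer.get("email", "")
        if "@" not in email:          # registry entries without an e-mail are skipped
            continue
        domain = email.rsplit("@", 1)[1].lower()
        bucket = "alive" if resolver(domain) else "dead"
        if domain not in result[bucket]:
            result[bucket].append(domain)
    return result


if __name__ == "__main__":
    # Any domain listed under "dead" deserves a maintainer-side review before
    # the package's publish automation is trusted.
    print(audit_maintainer_domains(SAMPLE_REGISTRY_DOC))
```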



Some components of this report are sourced from:
thehackernews.com
