Widespread NPM Bundle Hijacked to Publish Crypto-mining Malware

The U.S. Cybersecurity and Infrastructure Safety Company on Friday warned of crypto-mining malware embedded in “UAParser.js,” a well-liked JavaScript NPM library with over 6 million weekly downloads, days after the NPM repository moved to take away three rogue packages that had been discovered to imitate the identical library.

Automatic GitHub Backups

The availability-chain assault focusing on the open-source library noticed three completely different variations — 0.7.29, 0.8.0, 1.0.0 — that had been printed with malicious code on Thursday following a profitable takeover of the maintainer’s NPM account.

“I imagine somebody was hijacking my NPM account and printed some compromised packages (0.7.29, 0.8.0, 1.0.0) which can in all probability set up malware,” UAParser.js’s developer Faisal Salman mentioned. The difficulty has been patched in variations 0.7.30, 0.8.1, and 1.0.1.

The event comes days after DevSecOps agency Sonatype disclosed particulars of three packages — okhsa, klow, and klown — that masqueraded because the user-agent string parser utility with the objective of mining cryptocurrency in Home windows, macOS, and Linux techniques. It is not instantly clear if the identical actor is behind the newest compromise.

“Any pc that has this package deal put in or operating ought to be thought-about absolutely compromised. All secrets and techniques and keys saved on that pc ought to be rotated instantly from a special pc,” GitHub famous in an impartial alert. “The package deal ought to be eliminated, however as full management of the pc might have been given to an out of doors entity, there isn’t a assure that eradicating the package deal will take away all malicious software program ensuing from putting in it.”

Leave A Reply

Your email address will not be published.