Two NPM Packages With 22 Million Weekly Downloads Found Backdoored #Cybersecurity - The Entrepreneurial Way with A.I.

Breaking

Sunday, November 7, 2021

Two NPM Packages With 22 Million Weekly Downloads Found Backdoored #Cybersecurity

#HackerNews

In what's yet another instance of supply chain attack targeting open-source software repositories, two popular NPM packages with cumulative weekly downloads of nearly 22 million were found to be compromised with malicious code by gaining unauthorized access to the respective developer's accounts.

The two libraries in question are "coa," a parser for command-line options, and "rc," a configuration loader, both of which were tampered by an unidentified threat actor to include "identical" password-stealing malware.

All versions of coa starting with 2.0.3 and above — 2.0.3, 2.0.4, 2.1.1, 2.1.3, 3.0.1, and 3.1.3 — are impacted, and users of the affected versions are advised to downgrade to 2.0.2 as soon as possible and check their systems for suspicious activity, according to a GitHub advisory published on November 4. In a similar vein, versions 1.2.9, 1.3.9, and 2.3.9 of rc have been found laced with malware, with an independent alert urging users to downgrade to version 1.2.8.

Additional analysis of the dropped malware samples show it be a DanaBot variant which is a Windows malware for stealing credentials and passwords, echoing two similar incidents from last month that resulted in the compromise of UAParser.js as well as the publishing of rogue, typosquatted Roblox NPM libraries.

"To protect your accounts and packages from similar attacks, we highly recommend enabling [two-factor authentication] on your NPM account," NPM said in a tweet.

Found this article interesting? Follow THN on

Facebook

,

Twitter

and

LinkedIn

to read more exclusive content we post.



via https://www.AiUpNow.com

November 7, 2021 at 11:54PM by noreply@blogger.com (Ravie Lakshmanan), Khareem Sudlow