Copycat researchers imitate supply chain attack that hit tech giants (Security News, February 2021)
These npm packages are identical to the proof-of-concept packages created by Alex Birsan, the researcher who recently managed to infiltrate over 35 major tech firms and walk away with over six figures in bug bounty rewards.
Birsan tells BleepingComputer he is not behind these copycat "Research" packages, although he did admit to uploading a few more packages today under his real npm account.
The npm package is named "Shopify-cloud"; it is unlikely to have any effect on Shopify's build system, which used the RubyGem package of that name, unless Shopify is also using a private npm dependency called "Shopify-cloud."
The code for "Aol-slideshow" makes a DNS request to the author's server that transmits basic information such as the IP address, the computer's username and the current directory, a "callback" that notifies the package publisher of a successful attack.
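One defensive check this story points to, added here as an example (not code from BleepingComputer, Birsan or npm): scan an npm lockfile for internal-only package names whose tarball was resolved from the public registry, the signature of a dependency-confusion install. The internal registry host, the internal package list and the lockfile contents are constructed placeholders.

```python
import json
from urllib.parse import urlparse

# Constructed placeholders: the host of your private registry and the names
# that are only supposed to be published there (names taken from the story).
INTERNAL_REGISTRY = "npm.internal.example"
INTERNAL_PACKAGES = {"shopify-cloud", "aol-slideshow"}
PUBLIC_REGISTRY_HOSTS = {"registry.npmjs.org"}


def find_dependency_confusion(lockfile_text: str) -> list[dict]:
    """Return lockfile entries whose name is internal-only but whose tarball
    resolved from a public registry host (top-level entries for v1 lockfiles)."""
    lock = json.loads(lockfile_text)
    entries = {}
    # lockfileVersion 2/3: "packages" keyed by path such as "node_modules/<name>"
    for path, meta in lock.get("packages", {}).items():
        if path:  # "" is the root project entry, not a dependency
            entries[path.rsplit("node_modules/", 1)[-1]] = meta
    # lockfileVersion 1: "dependencies" keyed directly by package name
    entries.update(lock.get("dependencies", {}))

    findings = []
    for name, meta in entries.items():
        resolved = meta.get("resolved", "")
        host = urlparse(resolved).hostname or ""
        if name.lower() in INTERNAL_PACKAGES and host in PUBLIC_REGISTRY_HOSTS:
            findings.append({"name": name, "version": meta.get("version"), "resolved": resolved})
    return findings


# Constructed sample lockfile: one internal name pulled from the public registry,
# one public package, and one internal name correctly served by the private registry.
SAMPLE_LOCK = json.dumps({
    "name": "storefront", "lockfileVersion": 2,
    "packages": {
        "": {"name": "storefront"},
        "node_modules/shopify-cloud": {"version": "99.0.0",
            "resolved": "https://registry.npmjs.org/shopify-cloud/-/shopify-cloud-99.0.0.tgz"},
        "node_modules/left-pad": {"version": "1.3.0",
            "resolved": "https://registry.npmjs.org/left-pad/-/left-pad-1.3.0.tgz"},
        "node_modules/aol-slideshow": {"version": "1.2.0",
            "resolved": f"https://{INTERNAL_REGISTRY}/aol-slideshow/-/aol-slideshow-1.2.0.tgz"},
    },
})

if __name__ == "__main__":
    for hit in find_dependency_confusion(SAMPLE_LOCK):
        print(f"dependency confusion: {hit['name']}@{hit['version']} from {hit['resolved']}")
```

Run it against a real package-lock.json in CI with your own internal package list; an implausibly high version (like the 99.0.0 above) is the usual tell that the public copy won the resolution.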
In recent times, npm has been repeatedly hit with malicious typosquatting packages.
Update 13-Feb-2021 11:04 PM ET: 100+ more copycat packages have been detected in the last few hours with more coming in, raising the total count from the initially reported 150 to over 275 copycats.