Copycat researchers imitate supply chain attack that hit tech giants (Security News, February 2021)
These npm packages are identical to the proof-of-concept packages created by Alex Birsan, the researcher who recently managed to infiltrate over 35 major tech firms and walk away with over six figures in bug bounty rewards.
Birsan tells BleepingComputer he is not behind these copycat "Research" packages, although he did admit to uploading a few more packages today under his real npm account.
The npm package is named "Shopify-cloud," but it is unlikely to have any effect on Shopify's build system, which uses the RubyGem package of that name, unless Shopify also uses a private npm dependency called "Shopify-cloud."
The code for "Aol-slideshow" makes a DNS call to the author's server and transmits basic information such as the IP address, the computer's username, and the current directory, a "callback" that notifies the package publisher of a successful install on a victim machine.
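A defender-side check for the exposure described above, added here as an illustration and not code from the article, from Birsan, or from npm: it assumes a constructed package.json, .npmrc and internal-package list, plus a constructed snapshot of which names exist on the public registry, standing in for a live registry lookup. It reports private, unscoped dependency names that a public package already shadows (the article's "Shopify-cloud" case) or that nobody has claimed yet, and scoped names whose scope .npmrc does not route to the internal registry.

```python
import json
import re

# Constructed sample inputs (not from the article): a package.json, the
# project's .npmrc, and the names the organisation publishes only internally.
PACKAGE_JSON = json.dumps({
    "dependencies": {"shopify-cloud": "^1.0.0", "@acme/auth": "^2.1.0",
                     "left-pad": "^1.3.0", "aol-slideshow": "^0.1.0"}
})
NPMRC = "@acme:registry=https://npm.internal.example/\n"
INTERNAL_PACKAGES = {"shopify-cloud", "@acme/auth", "aol-slideshow"}
# Constructed snapshot of which of those names exist on the public registry.
PUBLIC_REGISTRY = {"shopify-cloud", "left-pad"}

SCOPE_RE = re.compile(r"^(@[^:]+):registry=(\S+)$")


def pinned_scopes(npmrc):
    """Return the scopes that .npmrc routes to an explicit registry URL."""
    return {m.group(1) for line in npmrc.splitlines()
            if (m := SCOPE_RE.match(line.strip()))}


def audit(package_json, npmrc, internal, public):
    """Classify each dependency by its dependency-confusion exposure."""
    deps = json.loads(package_json).get("dependencies", {})
    scopes = pinned_scopes(npmrc)
    findings = {}
    for name in deps:
        if name not in internal:
            findings[name] = "public"          # ordinary public dependency
        elif name.startswith("@"):
            scope = name.split("/", 1)[0]
            # a scoped private name is safe only if its scope is pinned
            findings[name] = "pinned" if scope in scopes else "unpinned-scope"
        elif name in public:
            findings[name] = "collision"       # public package shadows the private one
        else:
            findings[name] = "unclaimed"       # name still free for anyone to register
    return findings


if __name__ == "__main__":
    for name, status in audit(PACKAGE_JSON, NPMRC, INTERNAL_PACKAGES,
                              PUBLIC_REGISTRY).items():
        print(f"{name:16} {status}")
```

Anything reported as "collision" or "unclaimed" is a name the organisation should claim or move under a pinned scope before the resolver can be pointed at the public registry.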
In recent times, npm has been repeatedly hit with malicious typosquatting packages.
Update 13-Feb-2021 11:04 PM ET: 100+ more copycat packages have been detected in the last few hours with more coming in, raising the total count from the initially reported 150 to over 275 copycats.