Copycats imitate novel supply chain attack that hit tech giants (Security News, February 2021)
These npm packages are identical to the proof-of-concept packages created by Alex Birsan, the researcher who recently managed to infiltrate over 35 major tech firms and walk away with over six figures in bug bounty rewards.
Birsan tells BleepingComputer he is not behind these copycat "Research" packages, although he did admit to uploading a few more packages today under his real npm account.
The npm package is named "Shopify-cloud"; it is unlikely to have any effect on Shopify's build system, which used the RubyGem package by that name, unless Shopify is also using a private npm dependency called "Shopify-cloud."
The code for "Aol-slideshow" makes a DNS call to the author's server and transmits basic information such as IP address, computer's username, and the current directory, making a "Callback" that would notify the package publisher of a successful attack.
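The two indicators above, an internal package name being resolved from the public registry and an install-time hook that phones home, are both visible in a project's lockfile and in a package's `package.json` before any code runs. The following is an added defender-side check, not code from the article or from npm; it assumes a hypothetical list of internal package names (`INTERNAL_PACKAGES`, seeded with the names the article mentions), a hypothetical private registry host (`PRIVATE_REGISTRY_HOST`), and a constructed lockfile and `package.json` embedded inline.

```python
import json
from urllib.parse import urlparse

# Hypothetical: names an organisation publishes only to its private registry.
# "shopify-cloud" and "aol-slideshow" are the names from the article, used here
# purely as sample entries.
INTERNAL_PACKAGES = {"shopify-cloud", "aol-slideshow"}
PRIVATE_REGISTRY_HOST = "npm.internal.example"   # hypothetical private registry host
INSTALL_HOOKS = ("preinstall", "install", "postinstall")

# Constructed package-lock.json (lockfileVersion 2) excerpt, not a real project file.
SAMPLE_LOCK = json.loads("""
{
  "name": "sample-app",
  "lockfileVersion": 2,
  "packages": {
    "": {"name": "sample-app",
         "dependencies": {"shopify-cloud": "^1.0.0", "left-pad": "^1.3.0"}},
    "node_modules/shopify-cloud": {
      "version": "99.0.0",
      "resolved": "https://registry.npmjs.org/shopify-cloud/-/shopify-cloud-99.0.0.tgz",
      "hasInstallScript": true
    },
    "node_modules/left-pad": {
      "version": "1.3.0",
      "resolved": "https://registry.npmjs.org/left-pad/-/left-pad-1.3.0.tgz"
    }
  }
}
""")

# Constructed package.json of the suspicious package, modelled on the behaviour the
# article describes: a lifecycle hook that runs code at install time.
SAMPLE_PACKAGE_JSON = {
    "name": "shopify-cloud",
    "version": "99.0.0",
    "scripts": {"preinstall": "node index.js", "test": "echo ok"},
}


def package_name_from_path(path):
    """'node_modules/a/node_modules/@s/b' -> '@s/b' (text after the last node_modules/)."""
    return path.rsplit("node_modules/", 1)[-1]


def audit_lock(lock, internal_names, private_host):
    """Return findings for packages that resolve an internal name from somewhere
    other than the private registry (dependency-confusion indicator) or that the
    lockfile flags as carrying an install script."""
    findings = []
    for path, entry in lock.get("packages", {}).items():
        if not path.startswith("node_modules/"):
            continue                      # the root project entry, not a dependency
        name = package_name_from_path(path)
        host = urlparse(entry.get("resolved", "")).hostname
        if name.lower() in internal_names and host != private_host:
            findings.append({"package": name, "issue": "public-registry-resolution",
                             "detail": "resolved from %s, expected %s" % (host, private_host)})
        if entry.get("hasInstallScript"):
            findings.append({"package": name, "issue": "install-script",
                             "detail": "lockfile flags a lifecycle install hook"})
    return findings


def install_hooks(pkg):
    """Return the install-time lifecycle hooks a package.json declares, with their commands."""
    scripts = pkg.get("scripts", {})
    return {hook: scripts[hook] for hook in INSTALL_HOOKS if hook in scripts}


if __name__ == "__main__":
    for f in audit_lock(SAMPLE_LOCK, INTERNAL_PACKAGES, PRIVATE_REGISTRY_HOST):
        print("%-16s %-28s %s" % (f["package"], f["issue"], f["detail"]))
    print("install hooks:", install_hooks(SAMPLE_PACKAGE_JSON))
```

Run against a real `package-lock.json` by replacing `SAMPLE_LOCK` with `json.load(open("package-lock.json"))`. A hit on `public-registry-resolution` is the lockfile-level signature of the substitution the article describes; a hit on `install-script` tells you the package would execute code during `npm install` (installing with `--ignore-scripts` in CI suppresses that, and pinning internal scopes to the private registry in `.npmrc` prevents the public resolution in the first place).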
In recent times, npm has been repeatedly hit with malicious typosquatting packages.
Update 13-Feb-2021 11:04 PM ET: 100+ more copycat packages have been detected in the last few hours with more coming in, raising the total count from the initially reported 150 to over 275 copycats.