
Copycats imitate novel supply chain attack that hit tech giants
2021-02-12 17:11

These npm packages are identical to the proof-of-concept packages created by Alex Birsan, the researcher who recently managed to infiltrate over 35 major tech firms and walk away with six figures in bug bounty rewards.

Birsan tells BleepingComputer he is not behind these copycat "Research" packages, although he did admit to uploading a few more packages today under his real npm account.

One npm package is named "Shopify-cloud". It is unlikely to have any effect on Shopify's build system, which used the RubyGem package of that name, unless Shopify also uses a private npm dependency called "Shopify-cloud."

The code for "Aol-slideshow" makes a DNS call to the author's server and transmits basic information such as the IP address, the computer's username, and the current directory: a "callback" that notifies the package publisher of a successful attack.

In recent times, npm has been repeatedly hit with malicious typosquatting packages.

Update 13-Feb-2021 11:04 PM ET: 100+ more copycat packages have been detected in the last few hours with more coming in, raising the total count from the initially reported 150 to over 275 copycats.


News URL

https://www.bleepingcomputer.com/news/security/copycats-imitate-novel-supply-chain-attack-that-hit-tech-giants/