Security News > 2021 > October > Popular NPM library hijacked to install password-stealers, miners
Hackers hijacked the popular UA-Parser-JS NPM library, with millions of downloads a week, to infect Linux and Windows devices with cryptominers and password-stealing trojans in a supply-chain attack.
The UA-Parser-JS library is used to parse a browser's user agent to identify a visitor's browser, engine, OS, CPU, and Device type/model.
On October 22nd, a threat actor published malicious versions of the UA-Parser-JS NPM library to install cryptominers and password-stealing trojans on Linux and Windows devices.
According to the developer, his NPM account was hijacked and used to deploy the three malicious versions of the library.
Researchers from open-source security firm Sonatype discovered three malicious NPM libraries used to deploy cryptominers on Linux and Windows devices in an almost identical manner.
While only Windows was infected with a password-stealing Trojan, it is wise for Linux users to also assume their device was fully compromised.