Security News > 2021 > October > Popular NPM library hijacked to install password-stealers, miners

Popular NPM library hijacked to install password-stealers, miners
2021-10-23 16:51

Hackers hijacked the popular UA-Parser-JS NPM library, with millions of downloads a week, to infect Linux and Windows devices with cryptominers and password-stealing trojans in a supply-chain attack.

The UA-Parser-JS library is used to parse a browser's user agent to identify a visitor's browser, engine, OS, CPU, and Device type/model.

On October 22nd, a threat actor published malicious versions of the UA-Parser-JS NPM library to install cryptominers and password-stealing trojans on Linux and Windows devices.

According to the developer, his NPM account was hijacked and used to deploy the three malicious versions of the library.

Researchers from open-source security firm Sonatype discovered three malicious NPM libraries used to deploy cryptominers on Linux and Windows devices in an almost identical manner.

While only Windows was infected with a password-stealing Trojan, it is wise for Linux users to also assume their device was fully compromised.


News URL

https://www.bleepingcomputer.com/news/security/popular-npm-library-hijacked-to-install-password-stealers-miners/