Malicious NPM Packages Target German Companies in Supply Chain Attack

Cybersecurity researchers have discovered several malicious packages in the NPM registry that specifically target a number of prominent companies based in Germany to carry out supply chain attacks.
"Compared with most malware found in the NPM repository, this payload seems particularly dangerous: a highly-sophisticated, obfuscated piece of malware that acts as a backdoor and allows the attacker to take total control over the infected machine," researchers from JFrog said in a new report.
Some of the package names are said to be very specific, raising the possibility that the adversary managed to identify the libraries hosted in the companies' internal repositories with the goal of staging a dependency confusion attack.
The findings build on a report from Snyk late last month that detailed one of the offending packages, "Gxm-reference-web-auth-server," noting that the malware is targeting an unknown company that has the same package in their private registry.
"The attacker(s) likely had information about the existence of such a package in the company's private registry," the Snyk security research team said.
"The attack is highly targeted and relies on difficult-to-get insider information," the researchers said.
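A defensive check for the dependency confusion scenario described above, added here as an example and not taken from the JFrog or Snyk reports: it scans an npm lockfile for internally named packages whose tarball was resolved from a host other than the private registry. The package names, versions and the `npm.internal.example` host are constructed for illustration.

```javascript
// Constructed sample: a trimmed package-lock.json (lockfileVersion 3).
// All package names, versions and hosts here are hypothetical.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "shop-frontend", version: "1.4.0" },
    "node_modules/lodash": {
      version: "4.17.21",
      resolved: "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
    },
    "node_modules/@acme/ui-kit": {
      version: "2.3.1",
      resolved: "https://npm.internal.example/@acme/ui-kit/-/ui-kit-2.3.1.tgz",
    },
    // Internal, unscoped name that resolved from the public registry.
    "node_modules/acme-auth-server": {
      version: "99.10.9",
      resolved: "https://registry.npmjs.org/acme-auth-server/-/acme-auth-server-99.10.9.tgz",
    },
    "node_modules/@acme/ui-kit/node_modules/acme-logger": {
      version: "1.0.2",
      resolved: "https://npm.internal.example/acme-logger/-/acme-logger-1.0.2.tgz",
    },
  },
};

// Return every lockfile entry whose name is internal (listed by name or by
// scope) but whose tarball was not fetched from the private registry host.
function findRegistryMismatches(lock, internalNames, internalScopes, privateHost) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === "" || !entry.resolved) continue; // root project, links, bundled deps
    const name = path.split("node_modules/").pop(); // innermost package name
    const scope = name.startsWith("@") ? name.split("/")[0] : null;
    if (!internalNames.includes(name) && !internalScopes.includes(scope)) continue;
    let host;
    try { host = new URL(entry.resolved).host; } catch { host = "(unparseable)"; }
    if (host !== privateHost) findings.push({ name, version: entry.version, host, path });
  }
  return findings;
}

const findings = findRegistryMismatches(
  SAMPLE_LOCK, ["acme-auth-server", "acme-logger"], ["@acme"], "npm.internal.example");
for (const f of findings) {
  console.log(`MISMATCH ${f.name}@${f.version} resolved from ${f.host} (${f.path})`);
}
```

Run in CI against the committed lockfile, a non-empty result means an internal name was satisfied by a registry the organisation does not control.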
News URL: https://thehackernews.com/2022/05/malicious-npm-packages-target-german.html