NPM supply-chain attack impacts hundreds of websites and apps
Security News, July 2022
An NPM supply-chain attack dating back to December 2021 used dozens of malicious NPM modules containing obfuscated JavaScript code to compromise thousands of downstream desktop apps and websites.
As researchers at supply chain security firm ReversingLabs discovered, the threat actors behind this campaign relied on typosquatting: they published packages whose names closely resemble those of very popular modules, such as umbrellajs and ionic.io, to catch developers searching for the genuine ones.
A developer fooled by the look-alike name would add the malicious package, designed to steal data from embedded forms, to their app or website as a dependency.
Although the ReversingLabs team reported its findings to the NPM security team on July 1, 2022, some of the malicious packages from the campaign, which ReversingLabs named IconBurst, were still available on the NPM registry at the time of writing.
The only metric available at the time is the number of times each malicious NPM module has been installed, and ReversingLabs' figures are quite startling.
"Malicious code bundled within the NPM modules is running within an unknown number of mobile and desktop applications and web pages, harvesting untold amounts of user data."
Related news
- LottieFiles hit in npm supply chain attack targeting users' crypto
- Rspack npm Packages Compromised with Crypto Mining Malware in Supply Chain Attack
- LottieFiles hacked in supply chain attack to steal users' crypto
- LottieFiles supply chain attack exposes users to malicious crypto wallet drainer
- Blue Yonder ransomware attack disrupts grocery store supply chain
- OpenWrt orders router firmware updates after supply chain attack scare
- Update your OpenWrt router! Security issue made supply chain attack possible
- Ultralytics Supply-Chain Attack
- 390,000 WordPress accounts stolen from hackers in supply chain attack