
NPM supply-chain attack impacts hundreds of websites and apps
2022-07-05 17:55

An NPM supply-chain attack dating back to December 2021 used dozens of malicious NPM modules containing obfuscated JavaScript code to compromise thousands of downstream desktop apps and websites.

As researchers at supply chain security firm ReversingLabs discovered, the threat actors behind this campaign used typosquatting to infect developers looking for very popular packages, such as umbrellajs and ionic.io NPM modules.

Developers fooled by the near-identical module names would add the malicious packages, designed to steal data from embedded forms, to their apps or websites.
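As an added illustration of the typosquatting technique described above (example code, not from the original article or from ReversingLabs): a defender-side check that scans a package.json for dependency names within a small edit distance of well-known package names. The well-known list and the sample package.json are assumed and constructed for illustration.

```javascript
// Flag dependencies whose names nearly match a well-known package but are not
// that package. Assumed list of well-known names; extend it for a real project.
const WELL_KNOWN = ['umbrellajs', 'ionicons', 'lodash', 'express'];

// Levenshtein edit distance, computed with a single rolling row.
function editDistance(a, b) {
  const prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let diag = prev[0];
    prev[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const tmp = prev[j];
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      prev[j] = Math.min(prev[j] + 1, prev[j - 1] + 1, diag + cost);
      diag = tmp;
    }
  }
  return prev[b.length];
}

// Lowercase, drop any @scope/ prefix and separators so "umbrella-js" compares
// equal to "umbrellajs" (separator variants are a common lookalike pattern).
function normalize(name) {
  return name.toLowerCase().replace(/^@[^/]+\//, '').replace(/[-_.]/g, '');
}

function findLookalikes(deps, wellKnown = WELL_KNOWN) {
  const findings = [];
  for (const dep of Object.keys(deps)) {
    const norm = normalize(dep);
    for (const known of wellKnown) {
      const k = normalize(known);
      if (norm === k) {
        if (dep !== known) findings.push({ dependency: dep, lookalike: known, distance: 0 });
        continue; // exact well-known package: nothing to report
      }
      const limit = k.length >= 8 ? 2 : 1; // short names collide too easily at distance 2
      const distance = editDistance(norm, k);
      if (distance <= limit) findings.push({ dependency: dep, lookalike: known, distance });
    }
  }
  return findings;
}

function scanPackageJson(text) {
  const pkg = JSON.parse(text);
  return findLookalikes({ ...(pkg.dependencies || {}), ...(pkg.devDependencies || {}) });
}

// Constructed sample package.json with two lookalike names mixed in.
const SAMPLE_PACKAGE_JSON = JSON.stringify({
  name: 'example-app',
  dependencies: { lodash: '^4.17.21', 'umbrela-js': '^3.0.0', ionicns: '^1.0.0', express: '^4.18.0' },
});
console.log(scanPackageJson(SAMPLE_PACKAGE_JSON));
```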

Although the ReversingLabs team reported its findings to the NPM security team on July 1, 2022, some malicious packages from the IconBurst campaign are still available on the NPM registry.

The only metrics available at the time are the number of times each malicious NPM module has been installed, and ReversingLabs' stats are quite startling.

"Malicious code bundled within the NPM modules is running within an unknown number of mobile and desktop applications and web pages, harvesting untold amounts of user data."

News URL

https://www.bleepingcomputer.com/news/security/npm-supply-chain-attack-impacts-hundreds-of-websites-and-apps/