Typo-squatting NPM software supply chain attack uncovered (Security News, July 2022)

Researchers at ReversingLabs have uncovered evidence of a widespread software supply chain attack through malicious JavaScript packages picked up via NPM. NPM was acquired by Microsoft-owned GitHub in 2020 and has suffered from the odd issue or two over the years.
The latest problem stems from typo-squatting, where an attacker offers up malicious packages with names similar to real packages.
The attack looks distressingly coordinated: ReversingLabs noted the malicious package was published from December 2021 and the unnamed gang behind it appears to have since moved on to other NPM packages.
Bad actors have attempted to cover up the malicious code lurking within packages using an obfuscator.
ReversingLabs has already reported its findings to NPM and The Register asked the package slinger and its parent, GitHub, what could be done about the attack.
"The success of this attack - with more than two dozen malicious modules available for download on a popular package repository, and one of them with 17,000 downloads in a matter of weeks - underscores the freewheeling nature of application development, and the low barriers to malicious or even vulnerable code entering sensitive applications and IT environments."
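The typo-squatting described above relies on a dependency name that is one keystroke or one separator away from the package a developer meant. As an added example (not code from the article or from ReversingLabs), the following pre-install check flags package.json dependency names that sit within one edit of a project-maintained allowlist; the allowlist and dependency map are constructed sample data, not real package data.

```javascript
// Optimal string alignment distance: insert, delete, substitute, or swap two
// adjacent characters each cost 1 (a swap is the most common keyboard typo).
function editDistance(a, b) {
  const d = Array.from({ length: a.length + 1 }, (_, i) =>
    Array.from({ length: b.length + 1 }, (_, j) => (i === 0 ? j : j === 0 ? i : 0)));
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      d[i][j] = Math.min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost);
      if (i > 1 && j > 1 && a[i - 1] === b[j - 2] && a[i - 2] === b[j - 1]) {
        d[i][j] = Math.min(d[i][j], d[i - 2][j - 2] + 1);
      }
    }
  }
  return d[a.length][b.length];
}

// Strip the forms squatters vary without changing how the name reads: case,
// separators (cross-env vs crossenv) and the scope prefix (@scope/name).
function normalise(name) {
  return name.toLowerCase().replace(/^@[^/]+\//, '').replace(/[-_.]/g, '');
}

// Returns [{ dependency, lookalike, reason }] for every dependency that is not an
// exact allowlisted name but collides with one after normalisation or by one edit.
function findTyposquats(dependencies, allowlist) {
  const exact = new Set(allowlist);
  const findings = [];
  for (const dep of Object.keys(dependencies)) {
    if (exact.has(dep)) continue;
    const depNorm = normalise(dep);
    for (const pkg of allowlist) {
      const pkgNorm = normalise(pkg);
      const reason = depNorm === pkgNorm ? 'separator/case variant'
        : editDistance(depNorm, pkgNorm) === 1 ? 'one edit away' : null;
      if (reason) { findings.push({ dependency: dep, lookalike: pkg, reason }); break; }
    }
  }
  return findings;
}

// Constructed sample input: a dependency map as found in package.json and a short
// allowlist of packages the project actually intends to use.
const ALLOWLIST = ['lodash', 'cross-env', 'express', 'chalk', 'tslib'];
const SAMPLE_DEPS = { lodash: '^4.17.21', lodahs: '1.0.0', 'cross-env': '^7.0.3',
  crossenv: '6.1.3', chalk: '^5.0.0' };
console.log(findTyposquats(SAMPLE_DEPS, ALLOWLIST)); // two findings: lodahs, crossenv
```

Run it as a CI step before `npm install` and fail the build on any finding; names that are legitimately close to an allowlisted package can be added to the allowlist to silence the check.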
News URL
https://go.theregister.com/feed/www.theregister.com/2022/07/06/npm_supply_chain_attack/