
Researchers Uncover Malicious NPM Packages Stealing Data from Apps and Web Forms
2022-07-07 04:42

A widespread software supply chain attack has targeted the NPM package manager since at least December 2021 with rogue modules designed to steal data that users enter into forms on websites that include them.

The coordinated attack, dubbed IconBurst by ReversingLabs, involves no fewer than two dozen NPM packages containing obfuscated JavaScript with malicious code that harvests sensitive data from forms embedded in downstream mobile applications and websites.

"These clearly malicious attacks relied on typo-squatting, a technique in which attackers offer up packages via public repositories with names that are similar to - or common misspellings of - legitimate packages," security researcher Karlo Zanki said in a Tuesday report.

"Attackers impersonated high-traffic NPM modules like umbrellajs and packages published by ionic.io."
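The typo-squatting described above is straightforward to screen for on the consuming side. The following is an added example, not code from ReversingLabs, The Hacker News, or any of the packages involved: it scans a dependency manifest for names that are near-misses (small edit distance, or the same name with different separators or case) of a constructed watchlist of high-traffic packages. The watchlist, the sample `dependencies` object and the names `findSuspects`, `normalize` and `levenshtein` are all assumptions made for the example.

```javascript
// Added example: flag dependency names that look like typo-squats of
// well-known packages. Watchlist and sample manifest are constructed.

// Classic Levenshtein edit distance (two-row dynamic programming).
function levenshtein(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = cur;
  }
  return prev[b.length];
}

// Normalise for comparison: drop any @scope/, lowercase, remove - _ .
// so that "Umbrella-JS" and "umbrella.js" collapse onto "umbrellajs".
function normalize(name) {
  return name.toLowerCase().replace(/^@[^/]+\//, '').replace(/[-_.]/g, '');
}

// Constructed watchlist: packages your organisation actually depends on
// and that an attacker would plausibly imitate.
const WATCHLIST = ['umbrellajs', 'ionicons', 'lodash', 'react'];

// Returns one finding per suspicious dependency: the dependency name, the
// watchlist entry it resembles, and why it was flagged. Exact matches are
// the legitimate package and are skipped.
function findSuspects(dependencies, watchlist = WATCHLIST, maxDistance = 2) {
  const findings = [];
  const known = new Set(watchlist);
  for (const dep of Object.keys(dependencies)) {
    if (known.has(dep)) continue;
    const depNorm = normalize(dep);
    for (const target of watchlist) {
      const targetNorm = normalize(target);
      if (depNorm === targetNorm) {
        findings.push({ dep, target, reason: 'separator/case variant' });
        break;
      }
      const d = levenshtein(depNorm, targetNorm);
      if (d > 0 && d <= maxDistance) {
        findings.push({ dep, target, reason: `edit distance ${d}` });
        break;
      }
    }
  }
  return findings;
}

// Constructed sample manifest: two legitimate packages, three look-alikes,
// and one unrelated package that must not be flagged.
const SAMPLE_DEPENDENCIES = {
  'umbrellajs': '^3.3.0',
  'umbrella-js': '1.0.0',
  'umbrelajs': '1.0.0',
  'ionicons': '^6.0.0',
  'ionicon': '1.0.0',
  'express': '^4.18.0',
};

if (typeof require !== 'undefined' && require.main === module) {
  for (const f of findSuspects(SAMPLE_DEPENDENCIES)) {
    console.log(`${f.dep} resembles ${f.target} (${f.reason})`);
  }
}
```

Short package names produce false positives at distance 2 (almost any five-letter name is within two edits of another), so in practice tune `maxDistance` per target length or restrict the watchlist to the longer, high-value names you actually import. A name match is only a prompt to inspect the package; the report's point is that the payload was obfuscated, so the decisive check is still reading what the module does before it reaches a build.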

The packages in question, most of which were published in the past few months, have been collectively downloaded more than 27,000 times to date.

"The success of this attack underscores the freewheeling nature of application development, and the low barriers to malicious or even vulnerable code entering sensitive applications and IT environments."


News URL

https://thehackernews.com/2022/07/researchers-uncover-malicious-npm.html