Security News > 2023 > June > New Supply Chain Attack Exploits Abandoned S3 Buckets to Distribute Malicious Binaries
In what's a new kind of software supply chain attack aimed at open source projects, it has emerged that threat actors could seize control of expired Amazon S3 buckets to serve rogue binaries without altering the modules themselves.
"Malicious binaries steal the user IDs, passwords, local machine environment variables, and local host name, and then exfiltrates the stolen data to the hijacked bucket," Checkmarx researcher Guy Nachshon said.
The attack was first observed in the case of an npm package called bignum, which, until version 0.13.0, relied on an Amazon S3 bucket to download pre-built binary versions of an addon named node-pre-gyp during installation.
"These binaries were published on a now-expired S3 bucket which has since been claimed by a malicious third party which is now serving binaries containing malware that exfiltrates data from the user's computer," according to a GitHub advisory published on May 24, 2023.
An unknown threat actor is said to have seized on the opportunity that the S3 bucket was once active to deliver malware when unsuspecting users downloaded the package in question.
Checkmarx said it found numerous packages using abandoned S3 buckets, making them susceptible to the novel attack vector.
News URL
https://thehackernews.com/2023/06/new-supply-chain-attack-exploits.html
Related news
- Supply Chain Attacks Can Exploit Entry Points in Python, npm, and Open-Source Ecosystems (source)
- Alert: Adobe Commerce and Magento Stores Under Attack from CosmicSting Exploit (source)
- Critical Ivanti RCE flaw with public exploit now used in attacks (source)
- Google Adds New Pixel Security Features to Block 2G Exploits and Baseband Attacks (source)
- Exploit released for new Windows Server "WinReg" NTLM Relay attack (source)
- Emergency patch: Cisco fixes bug under exploit in brute-force attacks (source)
- LottieFiles hit in npm supply chain attack targeting users' crypto (source)
- LottieFiles hacked in supply chain attack to steal users’ crypto (source)
- LottieFiles supply chain attack exposes users to malicious crypto wallet drainer (source)
- VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware (source)