Security News > 2023 > June > New Ongoing Campaign Targets npm Ecosystem with Unique Execution Chain

Cybersecurity researchers have discovered a new ongoing campaign aimed at the npm ecosystem that leverages a unique execution chain to deliver an unknown payload to targeted systems.

"The packages in question seem to be published in pairs, each pair working in unison to fetch additional resources which are subsequently decoded and/or executed," software supply chain security firm Phylum said in a report released last week.

The disclosure comes as Sonatype uncovered a set of six malicious packages on the Python Package Index repository - broke-rcl, brokescolors, brokescolors2, brokescolors3, brokesrcl, and trexcolors - that were uploaded by a single account named broke.

"These packages target the Windows operating system and are identical with regards to their versioning," security researcher and journalist Ax Sharma said.

On machines running Windows, the package delivers an information stealer, whereas on Linux, it's configured to profile the system and exfiltrate that information back to a Telegram endpoint.

"While these packages may not be employing any novel payload or tactics, or have obvious targets, they are a testament to the ongoing malicious attacks that are targeting open source software registries like PyPI and npm."

News URL

https://thehackernews.com/2023/06/new-ongoing-campaign-targets-npm.html