
Typo-Squatting NPM Software Supply Chain Attack

by MalwareTips
Researchers at ReversingLabs have uncovered evidence of a widespread software supply chain attack through malicious JavaScript packages picked up via NPM.

NPM was acquired by Microsoft-owned GitHub in 2020 and has suffered from the odd issue or two over the years (from authorization problems in 2021 to credential problems this year). The latest problem stems from typo-squatting, where an attacker publishes malicious packages under names similar to (or easy misspellings of) real packages. The examples given included a variety of names riffing on ionicons, which, when spelled correctly, is a handy open source set of 1,000 icons for use with web, desktop, iOS, and Android apps. In the case of ionicons, the miscreants published 18 versions containing malicious form-stealing code; for example, icon-package (according to NPM download stats) has over 17,000 downloads. Other typo-squatting examples include umbrellaks instead of umbrellajs, and so on. As for what is taken, researchers found functionality capable of gathering data from pretty much every form element on a page.
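One defensive check a team can run before installing is a near-miss comparison of its dependency names against a list of packages it actually relies on. The script below is an added example, not code from ReversingLabs or from the article; the known-package list and the sample package.json are constructed, and it flags names within a small edit distance of a known name (the umbrellaks/umbrellajs pair from the article is one hit).

```javascript
// Added example: flag dependencies whose names are near-misses of well-known packages.
// KNOWN_PACKAGES and SAMPLE_PACKAGE_JSON are constructed for illustration only.
const KNOWN_PACKAGES = ["ionicons", "umbrellajs", "lodash", "express", "react"];

// Levenshtein edit distance (insert / delete / substitute) between two strings.
function editDistance(a, b) {
  const dp = Array.from({ length: a.length + 1 }, (_, i) => [i]);
  for (let j = 1; j <= b.length; j++) dp[0][j] = j;
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      dp[i][j] = Math.min(dp[i - 1][j] + 1, dp[i][j - 1] + 1, dp[i - 1][j - 1] + cost);
    }
  }
  return dp[a.length][b.length];
}

// Return dependencies that are NOT in the known list but sit within `maxDistance`
// edits of a known name. Exact matches are the legitimate packages and are skipped.
function findTyposquatCandidates(packageJson, knownList = KNOWN_PACKAGES, maxDistance = 2) {
  const deps = { ...(packageJson.dependencies || {}), ...(packageJson.devDependencies || {}) };
  const known = new Set(knownList);
  const findings = [];
  for (const name of Object.keys(deps)) {
    if (known.has(name)) continue;
    for (const k of known) {
      const d = editDistance(name.toLowerCase(), k.toLowerCase());
      if (d <= maxDistance) {
        findings.push({ name, lookalikeOf: k, distance: d });
        break; // report the first close match; one finding per dependency
      }
    }
  }
  return findings;
}

// Constructed sample manifest: "umbrellaks" is the misspelling named in the article,
// "expres" is a second constructed near-miss; versions are placeholders.
const SAMPLE_PACKAGE_JSON = {
  dependencies: { umbrellaks: "^1.0.0", lodash: "^1.0.0", ionicons: "^1.0.0" },
  devDependencies: { expres: "^1.0.0" },
};

console.log(findTyposquatCandidates(SAMPLE_PACKAGE_JSON));
```

Edit distance alone produces false positives on very short names, so treat a hit as a triage signal and confirm against the registry's own metadata (publisher, publish date, download history) before blocking.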

The attack looks distressingly coordinated: ReversingLabs noted that the malicious packages were published from December 2021 onward, and the unnamed gang behind them appears to have since moved on to other NPM packages.
