- A popular NPM maintainer fell prey to a phishing attack, handing login credentials to cybercriminals
- The attackers accessed their NPM account and pushed malware through a popular package
- They were removed six hours later, but users must still be cautious
Experts have warned that ‘is’, an NPM package with more than 2.8 million weekly downloads, was also compromised in the same way and served malware for approximately six hours.
This comes shortly after eslint-config-prettier, another popular NPM package, was compromised in a supply chain attack that made it serve malware. Its maintainer, JounQin, received an email that spoofed the [email protected] support account and asked them to “verify” their account; when they did, they handed their login credentials to the attackers.
The access was used to push versions 8.10.1, 9.1.1, 10.1.6 and 10.1.7 of the eslint-config-prettier package, which carried malware. Other compromised packages belonging to the same developer include eslint-plugin-prettier, synckit, @pkgr/core and napi-postinstall.
Backdoors and infostealers
Now, new reports say that John Harband, the maintainer of ‘is’, was also compromised in the same way. The attackers had access for approximately six hours, during which versions 3.3.1 to 5.0.0, containing malicious code, were pushed.
‘is’ is a lightweight JavaScript utility library that basically helps verify what type of value something is.
For example, it can tell you if something is a number, a list or a word. You can also check whether something is empty or whether two things are the same.
It is simple but quite popular, and is widely used as a low-level utility dependency in development tools, testing libraries, build systems, and backend and CLI projects.
The malware deployed through these packages was a WebSocket-based backdoor that gave the attackers remote code execution capabilities on compromised endpoints. The ESLint packages were also dropping Scavanger, an infostealer that takes data stored in the web browser.
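For readers who want to check their own projects, the following is an added example, not code from the article or from npm: it scans a parsed package-lock.json for the versions named above. It reads the article's "3.3.1 to 5.0.0" as an inclusive range, and the sample lockfile and the `foo` package in it are constructed.

```javascript
// Versions taken from the article. The other packages it names are listed
// without versions, so they are not matched here.
const AFFECTED = new Map([
  ['eslint-config-prettier', ['8.10.1', '9.1.1', '10.1.6', '10.1.7']],
  // Assumption: "3.3.1 to 5.0.0" is treated as an inclusive range.
  ['is', { from: '3.3.1', to: '5.0.0' }],
]);

// Compare two x.y.z versions numerically; prerelease tags are ignored.
function cmp(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

function isAffected(name, version) {
  const rule = AFFECTED.get(name);
  if (!rule || typeof version !== 'string') return false;
  if (Array.isArray(rule)) return rule.includes(version);
  return cmp(version, rule.from) >= 0 && cmp(version, rule.to) <= 0;
}

// Accepts a parsed package-lock.json. Lockfile v2/v3 keeps a flat "packages"
// map keyed by install path; v1 keeps a nested "dependencies" tree.
function scanLock(lock) {
  const hits = [];
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      // "node_modules/a/node_modules/@s/b" -> "@s/b" (transitive copies count too)
      const name = path.split('node_modules/').pop();
      if (isAffected(name, meta.version)) hits.push(`${path}@${meta.version}`);
    }
    return hits;
  }
  (function walk(deps, trail) {
    for (const [name, meta] of Object.entries(deps || {})) {
      const where = trail ? `${trail} > ${name}` : name;
      if (isAffected(name, meta.version)) hits.push(`${where}@${meta.version}`);
      walk(meta.dependencies, where);
    }
  })(lock.dependencies, '');
  return hits;
}
```

In a real project, pass it `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))`; any hit means the dependency tree resolved to a version the article lists, including copies nested under other packages.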
Via BleepingComputer