npm packages malware
admin 1 year ago
admin #news

Hackers Exploit AWS S3 Stores To Spread Malicious Code via npm Packages

Cybercriminals have found a way to inject malicious code into npm packages without changing the packages' source code. They took over AWS S3 buckets that had been abandoned by their owners and replaced the binaries the packages need in order to work.

The attack was discovered by Checkmarx specialists who investigated the compromise of the "bignum" package. This package distributed a malicious binary that stole users' personal data and sent it to a hijacked S3 bucket.


Checkmarx has also found dozens of other npm packages that are affected by the same threat. This indicates the growing interest of cybercriminals in the software supply chain, which allows them to quickly reach a large number of potential victims.


AWS S3 buckets are cloud storage containers that can be used for website hosting or data backup. Each bucket is reachable at a unique URL, but its owner may forget about the storage or stop using it. A cybercriminal can then take over the bucket and change its contents.


The "bignum" package used the node-gyp tool to download a binary file from an S3 bucket. When the bucket became unavailable, the attacker hijacked it and placed their malicious binary there. From then on, users who downloaded or reinstalled the bignum package also downloaded the attacker's file.


The malicious binary, written in C++, worked just like the original one, but also collected user credentials and sent them to a compromised S3 bucket.


This attack highlights the importance of keeping your S3 buckets safe and not leaving them unattended. It is also recommended to check the source of binaries that are downloaded by npm packages. npm users can use tools such as npm audit or Snyk to find vulnerabilities in their dependencies.
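One way to check where a project's dependencies fetch binaries from, as an added example that is not code from the article or from Checkmarx. It assumes packages declare the download location in a node-pre-gyp style "binary.host" field of package.json; the function names and the sample manifests are constructed for illustration.

```javascript
// Added example. Assumption: a package declares its prebuilt-binary download
// location in a node-pre-gyp style "binary.host" field of package.json.
const HOOKS = ['preinstall', 'install', 'postinstall'];

// Return the S3 bucket a URL points at, or null if it is not an S3 endpoint.
function s3Bucket(url) {
  let u;
  try { u = new URL(url); } catch { return null; }
  const host = u.hostname.toLowerCase();
  // Virtual-hosted style: <bucket>.s3.amazonaws.com, <bucket>.s3.<region>... or <bucket>.s3-<region>...
  const m = host.match(/^(.+)\.s3[.-]([a-z0-9-]+\.)?amazonaws\.com$/);
  if (m) return m[1];
  // Path style: s3.amazonaws.com/<bucket>/...
  if (/^s3[.-]([a-z0-9-]+\.)?amazonaws\.com$/.test(host)) return u.pathname.split('/').filter(Boolean)[0] || null;
  return null;
}

// Classify one parsed package.json (pure function, no I/O).
function auditManifest(pkg) {
  const hooks = HOOKS.filter((h) => pkg.scripts && pkg.scripts[h]);
  const host = pkg.binary && typeof pkg.binary.host === 'string' ? pkg.binary.host : null;
  return { name: pkg.name, hooks, host, bucket: host ? s3Bucket(host) : null };
}

// Walk a node_modules tree; return every package that declares a remote binary host.
function scanNodeModules(dir) {
  const fs = require('fs'), path = require('path');
  const findings = [];
  for (const entry of fs.readdirSync(dir, { withFileTypes: true })) {
    if (!entry.isDirectory()) continue;
    const sub = path.join(dir, entry.name);
    if (entry.name.startsWith('@')) { findings.push(...scanNodeModules(sub)); continue; }
    const manifest = path.join(sub, 'package.json');
    if (fs.existsSync(manifest)) {
      const result = auditManifest(JSON.parse(fs.readFileSync(manifest, 'utf8')));
      if (result.host) findings.push(result);
    }
    const nested = path.join(sub, 'node_modules');
    if (fs.existsSync(nested)) findings.push(...scanNodeModules(nested));
  }
  return findings;
}

// Constructed sample manifests (not real packages).
const SAMPLES = [
  { name: 'native-addon', scripts: { install: 'node-pre-gyp install' },
    binary: { host: 'https://example-abandoned-bucket.s3.us-west-2.amazonaws.com' } },
  { name: 'pure-js', scripts: { test: 'node test.js' } },
];
```

Calling scanNodeModules('node_modules') from a project root lists each dependency that pulls a binary from outside the registry, with the bucket name where the host is S3, so the owner of that location can be confirmed with the package maintainer.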
