Malicious NPM Packages: Which Kinds of Intentions Are They Trying to Hide?
First, we should know what NPM packages are. NPM is a package manager for JavaScript programs that run on Node. It manages modules so that Node can easily find them, and it also manages dependency conflicts smartly. Publishing, discovering, installing, and developing Node programs are some of its features.
A few days ago, the NPM supply-chain attack was in the spotlight. It uses malicious NPM modules that contain obfuscated JavaScript code. The main motive behind it was to get access to desktop apps and websites.
Researchers from ReversingLabs
According to the research, the attacker used typosquatting to catch the attention of developers looking for popular packages. Some of them are as follows:
- ad iconic[.]io
- Umbrella JS NPM Modules
If a developer falls into the trap of a similarly named module, he or she may end up adding malicious packages to their apps and websites. These packages are specially customized to steal data from forms embedded in them.
For example, one of these packages was downloaded over 17,000 times. Its purpose was to send serialized form data to multiple attacker-controlled domains.
Note: Researchers found something intimidating: the domains used to exfiltrate information are all similar to one another. It has been observed that all the modules used in the campaign were controlled by an individual threat actor.
In Detail
- When researchers went to the NPM security team to show the evidence and alert them, it was found that the IconBurst malicious packages were still available on the NPM registry.
- The combined download count of all the NPM modules observed by the researchers is 27,000.
- The real issue is that only some corporations manage to identify malicious code in open-source modules and libraries. As a result, the effect of the attack stayed hidden from security experts for too long. It will be tough on everyone if this is not taken seriously.
NEXT x WORRIES
We don’t know how far this attack will go or how many people will be affected by it. Even though these malicious modules were used hundreds of times, we have no firm conclusions yet. To keep NPM packages like these from spreading supply-chain risk, organizations need new processes and tools. These tools will help maintain the security of an organization's data and technology.
If you want to learn more about this topic, you can search for articles online. Many PDFs regarding malware analysis are available on the Playstore. Other than that, you can join a Malware Analysis Course offered by Craw Security after 10th in Delhi.
This course covers several tools and techniques with which you can fight this malware and protect your clients’ data. You’ll have professionals teaching you to become a professional malware analyst. What are you waiting for? Enroll now!