It is common knowledge that businesses and individuals should safeguard publicly accessible applications and services against latent threats. Threat actors are always looking for easier ways into a network, so there will always be weak links. One such way is to take advantage of developers’ trust in third-party code. In one such incident, a software package published on the npm registry was discovered to be a tool for stealing credentials saved in the Chrome browser.
What Transpired?
On Windows systems, the malware was discovered using legitimate password recovery tools. It can access the camera and the screen, and can also perform file lookups, directory listings, file uploads, and shell command execution. The packages have been present in the npm registry since 2018 and have been downloaded over 2,000 times.
Why Does It Matter?
The malware had been present in the npm registry for three years, which is a cause for alarm. This threat demonstrates that attacks against open-source ecosystems are persistent and capable of evading detection for long periods of time.
Conclusions
Cybercriminals have entered PyPI as well as npm to mine cryptocurrency illegally. This recent instance shows how developers can sometimes place too much trust in third-party code. Malware can be easily hidden in public package repositories. As a result, there is a growing demand for security solutions that can help detect and defend against these attacks quickly.
To read more, please check the eScan Blog.