The ‘is’ npm package was compromised through a supply chain attack, resulting in backdoor malware being injected and potentially affecting millions of developers. The attack involved hijacked maintainer accounts and malicious versions of popular packages, enabling remote code execution and data exfiltration. #NPM #SupplyChainAttack
Key points
- The ‘is’ package is a widely used JavaScript utility library with over 2.8 million weekly downloads.
- Attackers hijacked maintainer accounts via phishing to inject malware into multiple npm packages.
- The malware includes a WebSocket-based backdoor and a Windows infostealer called ‘Scavenger.’
- Security experts recommend resetting passwords, rotating tokens, and using lockfiles to prevent further compromises.
- Additional compromised packages include ‘eslint-config-prettier,’ ‘eslint-plugin-prettier,’ and others involved in the attack.
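One way a defender can act on the lockfile advice above is to audit the versions a project actually resolved against a denylist of known-bad releases. The following is an added example, not code from the article or from any of the affected projects; the package names come from the article, but the version strings are placeholders, since the article does not list the malicious versions, and the lockfile is a constructed sample.

```javascript
// Added example: audit a parsed package-lock.json for denylisted package versions.
// Package names are those named in the article; the versions are PLACEHOLDERS
// (replace them with the versions published in a trusted advisory).
const DENYLIST = {
  'is': ['0.0.0-placeholder'],
  'eslint-config-prettier': ['0.0.0-placeholder'],
  'eslint-plugin-prettier': ['0.0.0-placeholder'],
};

// Handles both lockfile layouts: lockfileVersion 2/3 "packages" (flat map keyed
// by install path, which also covers nested and scoped packages) and
// lockfileVersion 1 "dependencies" (a nested tree).
function findDenylisted(lock, denylist = DENYLIST) {
  const hits = [];
  const check = (name, version, where) => {
    const bad = denylist[name];
    if (bad && bad.includes(version)) hits.push({ name, version, where });
  };
  if (lock.packages) {
    for (const [path, entry] of Object.entries(lock.packages)) {
      if (path === '') continue; // the root project entry, not a dependency
      const marker = 'node_modules/';
      const name = path.slice(path.lastIndexOf(marker) + marker.length);
      check(name, entry.version, path);
    }
  } else if (lock.dependencies) {
    const walk = (deps, prefix) => {
      for (const [name, entry] of Object.entries(deps)) {
        const where = `${prefix}node_modules/${name}`;
        check(name, entry.version, where);
        if (entry.dependencies) walk(entry.dependencies, where + '/');
      }
    };
    walk(lock.dependencies, '');
  }
  return hits;
}

// Constructed sample lockfile (lockfileVersion 3) with one direct and one
// transitive match; a real run would JSON.parse the project's package-lock.json.
const SAMPLE_LOCK = {
  name: 'demo-app',
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/is': { version: '0.0.0-placeholder' },
    'node_modules/eslint-config-prettier': { version: '1.2.3' },
    'node_modules/foo/node_modules/eslint-plugin-prettier': { version: '0.0.0-placeholder' },
  },
};
```

Pass `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))` to `findDenylisted` to check a real project; a non-empty result is the list of install paths to investigate.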