A recent supply chain attack used phishing and typosquatting to compromise NPM package maintainers' accounts and deliver malware through them. The attack affected popular packages like eslint-config-prettier, is, and got-fetch, leading to malware deployment on developers' systems.
Key points
- The attack began with phishing emails impersonating the NPM registry through typosquatting.
- Malicious package versions were published without corresponding changes on GitHub, making detection difficult.
- The malware included a loader designed to deploy the Scavenger browser information stealer.
- Attackers exploited NPM tokens to gain unauthorized publishing access and steal credentials.
- The compromised packages targeted cross-platform systems, with malware capable of extracting browser and system data.
Read More: https://www.securityweek.com/high-value-npm-developers-compromised-in-new-phishing-campaign/