A large-scale supply chain attack compromised 16 popular NPM packages used by over 950,000 developers, injecting malicious code that acts as a remote access trojan. The attack has widespread implications, as the malicious code can connect to command and control servers, execute commands, and hijack system paths. #Gluestack #NPM #RAT #supplychainattack
Keypoints
- Attackers injected malicious, obfuscated code into 16 NPM packages used in popular projects.
- The compromise was discovered on June 6 and continues to affect multiple packages.
- The malicious code includes a remote access trojan that communicates with command and control servers.
- Modules perform dangerous actions like directory navigation, file uploads, and executing shell commands.
- Contact attempts with package maintainers and NPM have yet to resolve the issue definitively.