Sensitive developer data targeted by new malicious NPM packages
Novel malicious NPM packages developed by "malikrukd4732" have been discovered by Phylum, all of which could enable sensitive data exfiltration through a JavaScript file, The Hacker News reports.
All test packages, which were identified on July 31, were re-uploaded in more refined form under new legitimate-sounding names, according to Phylum researchers, who suspected that the cryptocurrency sector may have been the target of the NPM packages.
Installing the packages runs the preinstall.js file, which then triggers the index.js code; that code scans for files and directories of various extensions. ZIP archive files are then used to deliver the stolen data to the attackers' server.
"While these directories can have sensitive information, it's more likely they contain a lot of standard application files which are not unique to the victim's system and hence less valuable to the attacker, whose motive appears to be centered around extraction of source code or environment-specific configuration files," said Phylum.
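The packages described above run their code through a preinstall lifecycle script, so a dependency tree can be audited for any package that executes code at install time. The following is an added example, not code from Phylum or from the article; the sample manifest and its package name are constructed, and the function names are hypothetical.

```javascript
// Added example: report packages whose package.json runs code at install time.
const INSTALL_HOOKS = ['preinstall', 'install', 'postinstall'];

// Constructed manifest modelled on the article's description (name is made up).
const SAMPLE = {
  name: 'example-suspicious-pkg',
  version: '1.0.0',
  scripts: { preinstall: 'node preinstall.js', test: 'echo ok' },
};

// Return the install-time lifecycle scripts declared by one parsed package.json.
function installHooks(manifest) {
  const scripts =
    (manifest && typeof manifest.scripts === 'object' && manifest.scripts) || {};
  return INSTALL_HOOKS
    .filter((hook) => typeof scripts[hook] === 'string' && scripts[hook].trim() !== '')
    .map((hook) => ({ hook, command: scripts[hook] }));
}

// Walk a node_modules tree, including @scope folders and nested node_modules,
// and collect every package that declares an install-time hook.
function scanNodeModules(root) {
  const fs = require('fs');
  const path = require('path');
  const findings = [];
  const visit = (dir) => {
    let entries;
    try { entries = fs.readdirSync(dir, { withFileTypes: true }); } catch { return; }
    for (const entry of entries) {
      if (!entry.isDirectory() || entry.name.startsWith('.')) continue;
      const pkgDir = path.join(dir, entry.name);
      if (entry.name.startsWith('@')) { visit(pkgDir); continue; } // scope folder
      try {
        const raw = fs.readFileSync(path.join(pkgDir, 'package.json'), 'utf8');
        const manifest = JSON.parse(raw);
        const hooks = installHooks(manifest);
        if (hooks.length) findings.push({ name: manifest.name || entry.name, dir: pkgDir, hooks });
      } catch { /* no readable manifest in this folder: skip it */ }
      visit(path.join(pkgDir, 'node_modules')); // nested dependencies
    }
  };
  visit(root);
  return findings;
}
```

Calling `scanNodeModules('node_modules')` in a project lists each package and the command its hook would run, which gives a short review list before trusting a new dependency. Installing with `npm install --ignore-scripts` stops these hooks from running at all.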