Five popular JavaScript libraries, including the 'eslint-config-prettier' npm package, have been compromised to become malware droppers following a supply chain intrusion stemming from the successful phishing of their maintainer JounQin, BleepingComputer reports.
According to JounQin, the attackers sent a phishing email purporting to be from '[email protected]' containing a link that redirected to the fraudulent npnjs[.]com domain, through which the widely used libraries were compromised; the maintainer has since revoked the npm token and promised to publish a new version immediately. Organizations have been urged not to install the trojanized packages, which run an 'install.js' npm post-install script containing a malicious function that executes the 'node-gyp.dll' file during installation, and to verify their lockfiles and rotate any potentially leaked secrets. The development comes a month after more than a dozen widely used Gluestack packages were breached to distribute a remote access trojan, and earlier this year more than 10 npm libraries were hijacked as part of an information-stealing malware campaign.
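The advice above (do not install the trojanized versions, check what your lockfile pulled in) is easiest to act on with a scan of an installed node_modules tree for packages that declare install-time hooks, flagging the shape described in the report: an 'install.js' post-install script that refers to a 'node-gyp.dll' file. The script below is an added example written for this page, not code from BleepingComputer, JounQin or the eslint-config-prettier project; the fixture it builds (package names, a version string, file contents) is constructed for the demonstration and contains no real malicious code.

```python
"""Scan a node_modules tree for packages with npm lifecycle hooks and flag the
indicators reported for the trojanized eslint-config-prettier releases.
Added example for this page; the sample tree it builds is constructed."""
import json
import re
import tempfile
from pathlib import Path

# Lifecycle hooks that npm runs automatically during installation.
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall")

# Indicators taken from the report: an install.js hook and the node-gyp.dll
# file it executes. Further patterns can be appended here as they are learned.
INDICATORS = {
    "install.js hook": re.compile(r"\binstall\.js\b"),
    "node-gyp.dll reference": re.compile(r"node-gyp\.dll", re.IGNORECASE),
}


def _script_files(pkg_dir, command):
    """Yield package-local .js files named in a hook command ('node install.js')."""
    for token in command.split():
        candidate = pkg_dir / token
        if token.endswith(".js") and candidate.is_file():
            yield candidate


def scan_node_modules(root):
    """Walk a node_modules tree and report every package that declares an
    install-time hook, together with the indicators matched in the hook
    command, in the script it invokes, and among the files the package ships."""
    findings = []
    for manifest_path in sorted(Path(root).rglob("package.json")):
        pkg_dir = manifest_path.parent
        try:
            manifest = json.loads(manifest_path.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: nothing to inspect
        scripts = manifest.get("scripts")
        if not isinstance(scripts, dict):
            continue
        for hook in LIFECYCLE_HOOKS:
            command = scripts.get(hook)
            if not isinstance(command, str):
                continue
            # Evidence to match: the hook command plus the body of any script it runs.
            evidence = command
            for script in _script_files(pkg_dir, command):
                evidence += "\n" + script.read_text(encoding="utf-8", errors="replace")
            matched = [name for name, rx in INDICATORS.items() if rx.search(evidence)]
            # A DLL shipped inside a JavaScript package deserves a look on its own.
            if any(p.suffix.lower() == ".dll" for p in pkg_dir.rglob("*")):
                matched.append("bundled .dll file")
            findings.append({
                "package": manifest.get("name", pkg_dir.name),
                "version": manifest.get("version", "?"),
                "hook": hook,
                "command": command,
                "indicators": matched,
            })
    return findings


def build_sample_tree():
    """Create a constructed node_modules fixture: a benign package with a
    harmless postinstall hook, and one mimicking the reported shape of the
    trojanized eslint-config-prettier (install.js hook mentioning node-gyp.dll).
    All contents are placeholders, not the real files."""
    root = Path(tempfile.mkdtemp()) / "node_modules"
    benign = root / "harmless-lib"
    benign.mkdir(parents=True)
    (benign / "package.json").write_text(json.dumps({
        "name": "harmless-lib", "version": "1.0.0",
        "scripts": {"postinstall": "node build.js"},
    }))
    (benign / "build.js").write_text("console.log('building');\n")

    suspect = root / "eslint-config-prettier"
    suspect.mkdir()
    (suspect / "package.json").write_text(json.dumps({
        "name": "eslint-config-prettier", "version": "0.0.0-constructed",
        "scripts": {"postinstall": "node install.js"},
    }))
    (suspect / "install.js").write_text("// constructed stand-in: mentions node-gyp.dll\n")
    (suspect / "node-gyp.dll").write_bytes(b"constructed placeholder, not a binary\n")
    return root


if __name__ == "__main__":
    for f in scan_node_modules(build_sample_tree()):
        level = "SUSPECT" if f["indicators"] else "info"
        print(f"[{level}] {f['package']}@{f['version']} {f['hook']}: "
              f"{f['command']} {f['indicators']}")
```

Run it against a real project by calling `scan_node_modules("node_modules")` instead of the fixture. Every package with a lifecycle hook is listed, because the hook itself is the capability being abused; only entries whose indicators list is non-empty match the pattern from the report, and the "bundled .dll file" check is deliberately broad so that native add-ons show up for a manual look rather than being silently trusted.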