In what's yet another instance of a supply chain attack targeting open-source software repositories, two popular NPM packages with cumulative weekly downloads of nearly 22 million were found to be compromised with malicious code after an attacker gained unauthorized access to the respective developers' accounts.
The two libraries in question are "coa," a parser for command-line options, and "rc," a configuration loader, both of which were tampered with by an unidentified threat actor to include "identical" password-stealing malware.
All versions of coa starting with 2.0.3 and above (2.0.3, 2.0.4, 2.1.1, 2.1.3, 3.0.1, and 3.1.3) are affected, and users of the affected versions are advised to downgrade to 2.0.2 as soon as possible and check their systems for suspicious activity, according to a GitHub advisory published on November 4. In a similar vein, versions 1.2.9, 1.3.9, and 2.3.9 of rc have been found laced with malware, with an independent alert urging users to downgrade to version 1.2.8.
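As an added example (not code from the article, from npm or from the coa/rc maintainers), the check a defender would run against the two advisories above: a script that walks a package-lock.json in both the lockfileVersion 1 nested layout and the lockfileVersion 2/3 flat layout and reports any coa or rc entry pinned to one of the listed compromised versions. The sample lockfile is constructed.

```javascript
// Added example: audit an npm lockfile for the coa / rc versions the advisories
// listed as compromised. Version lists are the ones given in the advisories.
const COMPROMISED = {
  coa: new Set(["2.0.3", "2.0.4", "2.1.1", "2.1.3", "3.0.1", "3.1.3"]),
  rc: new Set(["1.2.9", "1.3.9", "2.3.9"]),
};

// Returns [{ name, version, path }] for every lockfile entry that matches.
function findCompromised(lock) {
  const hits = [];
  if (lock.packages) {
    // lockfileVersion 2/3: keys look like "node_modules/a/node_modules/coa"
    for (const [key, entry] of Object.entries(lock.packages)) {
      if (key === "") continue; // the root project itself
      const name = key.slice(key.lastIndexOf("node_modules/") + "node_modules/".length);
      if (COMPROMISED[name] && COMPROMISED[name].has(entry.version)) {
        hits.push({ name, version: entry.version, path: key });
      }
    }
  } else if (lock.dependencies) {
    // lockfileVersion 1: recurse through nested "dependencies" maps
    const walk = (deps, prefix) => {
      for (const [name, entry] of Object.entries(deps)) {
        const path = `${prefix}node_modules/${name}`;
        if (COMPROMISED[name] && COMPROMISED[name].has(entry.version)) {
          hits.push({ name, version: entry.version, path });
        }
        if (entry.dependencies) walk(entry.dependencies, path + "/");
      }
    };
    walk(lock.dependencies, "");
  }
  return hits;
}

// Constructed sample lockfile (v2 shape): rc pulled in transitively at a
// compromised version, coa at the safe version the advisory recommends.
const SAMPLE_LOCK = {
  lockfileVersion: 2,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/coa": { version: "2.0.2" },
    "node_modules/some-cli": { version: "4.1.0" },
    "node_modules/some-cli/node_modules/rc": { version: "1.2.9" },
  },
};

for (const h of findCompromised(SAMPLE_LOCK)) {
  console.log(`${h.path}: ${h.name}@${h.version} is a compromised release`);
}
```

Transitive copies matter: a nested `node_modules/<dep>/node_modules/rc` is installed and executed on `npm install` just like a direct dependency, which is why the scan keys on the full path rather than only top-level names.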
Further analysis of the dropped malware samples shows it to be a DanaBot variant, a Windows malware for stealing credentials and passwords, echoing two identical incidents from last month that resulted in the compromise of UAParser.js as well as the publishing of rogue, typosquatted Roblox NPM libraries.
"To protect your accounts and packages from similar attacks, we strongly recommend enabling [two-factor authentication] on your NPM account," NPM said in a tweet.
Some parts of this article are sourced from:
thehackernews.com