Malware once again a headache for npm

Date: 2023-10-04

Fortiguard finds data-thieving packages.

Fortiguard Labs is warning of a bunch of malicious packages it found in Node Package Manager (npm), the largest JavaScript software registry.

In an October 2 blog post, Fortiguard’s Jin Lee and Jenna Wang said the packages aim “to steal sensitive data, such as system or user information, via a webhook or file-sharing link”.

Lee and Wang said they identified some packages that, “while obfuscated, exfiltrate sensitive data”. 

That included “Kubernetes configurations, SSH keys, and other critical information. It also gathers basic system fingerprinting details, like username, IP address, and hostname,” they said.

The packages mostly had benign-looking names like “webpack”, “fixedwidthtable”, and “virtualsearchtable”.

A second set of packages “send HTTP GET requests to specific URLs, scanning for sensitive files and directories containing valuable intellectual property and configuration data, which is then extracted and uploaded to an FTP server.”

Source code and configuration files were captured by these packages, along with directories containing sensitive information like application and service credentials.

In all, Fortiguard identified nine groups of malicious npm packages with similar behaviours.

The nefarious activity was mostly hidden in install scripts that ran whenever the malicious package ran, Fortiguard said.

Malware remains a persistent problem for public software registries; npm was found to be hosting bad actors’ packages last year, and again earlier this year.
