Malicious NPM Packages Found Targeting Chrome Users with Hidden Script to Steal Financial and Personal Data
JFrog researchers discovered eight malicious NPM packages targeting Chrome users on Windows, using 70 layers of obfuscation to steal sensitive data, highlighting rising supply chain threats in software development.
Tech Author
Cybersecurity researchers at JFrog Security Research have found a big vulnerability hidden in eight NPM packages.These malicious packages were made to steal confidential data from Windows users who use the Google Chrome browser.They might collect passwords, credit card credentials or even user cookies.
The finding is an additional indication of how serious supply chain attacks are getting in the software sector. Hackers put malicious code into actual software tools or open-source libraries to carry out a supply chain attack. Hackers are able to reach thousands of users without having to target them one by one because many developers employ those libraries in their own projects.
The fact that the attack was so complicated makes this case much more alarming. Researchers discovered that the malicious code was concealed under 70 layers of obfuscation (tricking or scrambling code to hide what it really does), a method employed to cover up the code's genuine objective.The code covertly downloaded a certain version of Python to the victim's computer and ran a hidden script with it, all without the victim's knowledge or consent.
The attackers were two NPM users identified as "ruer" and "npjun." JFrog was swift to notify the threat, and all eight bad packages have since been removed. But the example shows that hackers are now going after open-source software libraries a lot. Hackers sometimes trick developers into installing their packages by using typosquatting, which is a way to make packages with names that are similar to well-known ones.
A security researcher at JFrog, stated that the attack showed how far these efforts have evolved. He said that the whole software supply chain needs to be under surveillance all the time and have robust automated security tools.
This event is an alarming indication that both developers and users need to be on the lookout. Open-source tools are the foundation of modern software, so it's more crucial than ever to keep them safe.
Information referenced in this article is from Hackread
