Forwarded from Технологический Болт Генона
npm has been broken again
Starting at September 8th, 13:16 UTC, our Aikido intel feed alerted us to a series of packages being pushed to npm, which appeared to contain malicious code. These were 18 very popular packages,
backslash (0.26m downloads per week)
chalk-template (3.9m downloads per week)
supports-hyperlinks (19.2m downloads per week)
has-ansi (12.1m downloads per week)
simple-swizzle (26.26m downloads per week)
color-string (27.48m downloads per week)
error-ex (47.17m downloads per week)
color-name (191.71m downloads per week)
is-arrayish (73.8m downloads per week)
slice-ansi (59.8m downloads per week)
color-convert (193.5m downloads per week)
wrap-ansi (197.99m downloads per week)
ansi-regex (243.64m downloads per week)
supports-color (287.1m downloads per week)
strip-ansi (261.17m downloads per week)
chalk (299.99m downloads per week)
debug (357.6m downloads per week)
ansi-styles (371.41m downloads per week)
All together, these packages have more than 2 billion downloads per week.
npm debug and chalk packages compromised
https://www.aikido.dev/blog/npm-debug-and-chalk-packages-compromised
Obfuscated code was slipped in that intercepted traffic
> This malware is essentially a browser-based interceptor that hijacks both network traffic and application APIs. It injects itself into functions like fetch, XMLHttpRequest, and common wallet interfaces, then silently rewrites values in requests and responses.
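The quoted description says the payload hooks fetch, XMLHttpRequest and wallet interfaces. One defensive check a page can run at startup is to verify those globals are still the engine's builtins: a hook written in JavaScript has readable source text, while a builtin stringifies to the engine's "[native code]" stub. This is an added example, not code from the post or from the Aikido write-up; the two scope objects (clean and hooked) are constructed stand-ins for a browser window, and the names isNativeFunction, auditGlobals and buildScopes are this example's own.

```javascript
'use strict';

// Captured before any later patching so the check itself cannot be redirected.
const nativeToString = Function.prototype.toString;

// True when fn stringifies to the engine's native stub, false for any
// function whose body is JavaScript source (which is what a hook is).
function isNativeFunction(fn) {
  if (typeof fn !== 'function') return false;
  return /\{\s*\[native code\]\s*\}\s*$/.test(nativeToString.call(fn));
}

// Checks each named property on scope (window in a browser, globalThis in
// Node). Returns one finding per name: 'absent', 'native' or 'patched'.
function auditGlobals(names, scope = globalThis) {
  return names.map((name) => {
    const value = scope[name];
    if (typeof value !== 'function') return { name, status: 'absent' };
    return { name, status: isNativeFunction(value) ? 'native' : 'patched' };
  });
}

// Constructed scopes (hypothetical, not a real page): builtins play the role
// of the native fetch/XMLHttpRequest; the hooked scope replaces fetch with a
// JavaScript wrapper around the original, which is the shape any hook has.
function buildScopes() {
  const clean = { fetch: Math.max, XMLHttpRequest: Array };
  const hooked = {
    fetch: function fetch(...args) { return clean.fetch(...args); },
    XMLHttpRequest: clean.XMLHttpRequest,
  };
  return { clean, hooked };
}

if (typeof require !== 'undefined' && require.main === module) {
  const { clean, hooked } = buildScopes();
  console.log('clean:', auditGlobals(['fetch', 'XMLHttpRequest'], clean));
  console.log('hooked:', auditGlobals(['fetch', 'XMLHttpRequest'], hooked));
}
```

Treat a 'patched' result as a signal to investigate, not proof: the heuristic is meant for browsers, since Node's own globalThis.fetch is itself implemented in JavaScript and therefore reports 'patched' on a clean install, and a wrapper can also tamper with toString, which is why the original is captured first.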
Access was stolen from one maintainer via phishing
https://bsky.app/profile/bad-at-computer.bsky.social/post/3lydje4zqis2y
The article claims that a maintainer of other packages was hit by a similar attack
I attached a table with the package versions to the post
Additional links to read
We Just Found Malicious Code in the Popular NPM Package
https://jdstaerk.substack.com/p/we-just-found-malicious-code-in-the
https://news.ycombinator.com/item?id=45169657
npm Author Qix Compromised via Phishing Email in Major Supply Chain Attack
https://socket.dev/blog/npm-author-qix-compromised-in-major-supply-chain-attack
Issue
https://github.com/chalk/chalk/issues/656
https://github.com/debug-js/debug/issues/1005#issuecomment-3266885191
To check whether there is anything nasty in your dependencies:
$ rg -uu --max-columns=80 --glob '*.js' _0x112fa8