July 18th, 2024

Concealed backdoor in fake AWS files escaped mainstream notice

Researchers found fake AWS packages on NPM with hidden backdoor code targeting developers. Despite being reported, the packages were available for two days, revealing challenges in detecting and removing threats promptly. Malware in open source repositories is becoming more sophisticated, evading security products. The incident highlights the need for vigilance when using third-party libraries.

Researchers discovered two fake AWS packages on the NPM JavaScript repository containing hidden backdoor code targeting developers' computers. The malicious packages mimicked a legitimate library but included an additional JavaScript file carrying the code that backdoored devices. Despite being reported, the packages remained available for nearly two days, highlighting a gap in detecting and removing such threats promptly. The incident underscores the increasing sophistication of attacks on open-source repositories, with the malware evading detection by most security products. The concealed code executed commands hidden inside image files, a new level of stealth in backdoor implementation. The discovery follows a trend of rising numbers of malicious packages in open-source ecosystems and emphasizes the importance of vigilance when using third-party libraries. It serves as a reminder for developers and security organizations to stay alert and cautious about the software they integrate into their projects.

Related

Backdoor slipped into multiple WordPress plugins in ongoing supply-chain attack

A supply-chain attack compromised 36,000 websites using backdoored WordPress plugins. Malicious code added to plugin updates creates attacker-controlled admin accounts and manipulates search results. Users are urged to uninstall the affected plugins and monitor for unauthorized access.

3M iOS and macOS apps were exposed to potent supply-chain attacks

Vulnerabilities in the CocoaPods server exposed 3 million apps to supply-chain attacks for a decade. The flaws allowed hackers to inject malicious code, compromising sensitive user data. Developers are urged to prioritize security measures.

Many website admins have yet to get memo to remove Polyfill.io links

More than 384,000 websites still linked to a code library involved in a supply-chain attack carried out by a Chinese firm. Industry responses included domain suspensions and ad blocks. Over 1.6 million sites linked to potentially malicious domains. The incident highlights the risks of supply-chain attacks.

Unverified NPM Account Takeover Vulnerability for Sale on Dark Web Forum

A threat actor is selling an unverified npm account-takeover vulnerability on BreachForums. npm has not confirmed the vulnerability, and the dark web forum's reputation for cybercrime raises doubts about the claim. The npm Registry is a prime target for attacks, emphasizing the need for security measures such as enabling 2FA and code review.

The XZ Backdoor Is More Interesting Than It Should Be

A backdoor in xz Utils, a Linux compression tool, allowed SSH hijacking. It was discovered by Andres Freund and linked to the contributor Jia Tan, a suspected state-sponsored hacker. The incident emphasizes open-source vulnerabilities and the community's detection capabilities.

4 comments
By @marcelnita - 4 months
Wondering why all those console.log calls ended up in the presumably final version of the exploit. All the more chances for someone to see what they were doing.
By @belter - 4 months
And...it's NPM again....