1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Microsoft Azure developers targeted with flood of malicious npm p

    From TechnologyDaily@1337:1/100 to All on Fri Mar 25 11:00:04 2022
    Microsoft Azure developers targeted with flood of malicious npm packages

    Date:
    Fri, 25 Mar 2022 10:49:21 +0000

    Description:
    Attackers are attempting to steal personal information from Azure developers.

    FULL STORY ======================================================================

    More than 200 malicious npm packages were recently removed from the npm registry, security experts have confirmed.

    The goal of the packages was to steal personally identifiable information (PII) from the endpoints of Microsoft Azure developers.

    As per a report from The Register , security firm JFrogs automated analysis
    of the repository started raising alarms about suspicious uploads earlier
    this week. Manual inspection has since uncovered a group of more than 200 packages, all of which were essentially malware . TechRadar needs you!

    We're looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn't take more than 60 seconds of your time, and entrants from the UK and US will have the chance to enter a draw for a 100 Amazon gift card (or equivalent in USD). Thank you for taking part.

    Click here to start the survey in a new window <<

    "After manually inspecting some of these packages, it became apparent that this was a targeted attack against the entire @azure npm scope, by an
    attacker that employed an automatic script to create accounts and upload malicious packages that cover the entirety of that scope," security researchers Andrey Polkovnychenko and Shachar Menashe said in their analysis of the incident. Fooling people

    In an attempt to trick the developers, the attackers gave the malicious packages the same name as their non-malicious counterparts, with the @azure scope identifier missing.

    "The attacker is relying on the fact that some developers may erroneously
    omit the @azure prefix when installing a package," the researchers explained. "For example, running npm install core-tracing by mistake, instead of the correct command npm install @azure/core-tracing."

    But thats not the only way the attackers tried to fool people into
    downloading these malicious packages. They also added high version numbers hoping that internal npm private proxies search for newer versions of
    packages first. Read more

    Microsoft Azure review


    Microsoft wants to convince more game developers to use Azure


    Microsoft promises huge improvements in Azure uptime

    Finally, the attackers uploaded the packages via an automated script that created a unique username for each upload, probably in hopes of avoiding common detection methods.

    In total, 218 malicious packages were uploaded and were in place for two
    days. During that time, they were downloaded an average of 50 times each, totalling roughly 10,000 potential victims. Check out the best firewalls
    right now

    Via The Register



    ======================================================================
    Link to news story: https://www.techradar.com/news/microsoft-azure-developers-targeted-with-flood- of-malicious-npm-packages/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)