
    From TechnologyDaily@1337:1/100 to All on Thu Oct 21 17:15:03 2021
    Malware authors have again managed to sneak malicious libraries into npm

    Date:
    Thu, 21 Oct 2021 15:54:35 +0000

    Description:
    Researchers have discovered malicious packages inside the popular JavaScript software repository that harboured cryptomining malware.

    FULL STORY ======================================================================

    Automated malware detection systems have once again flagged several malicious packages lurking in the npm registry.

    Masquerading as legitimate JavaScript libraries, the latest round of packages launch cryptominers on Windows, macOS, and Linux machines.

    Once again, this particular discovery is a further indication that developers, rather than the software they write, are the new target for adversaries, writes Sonatype, noting that all the packages were published by the same author.

    The Sonatype researchers reported the malicious packages (named okhsa, klow, klown) to npm only hours after their release, and they were unlisted the same day, causing little to no damage.

    Unclear intentions

    Attacks on public repositories such as JavaScript's npm and Python's PyPI aren't anything new, but they have increased in intensity of late. In fact, a recent report concluded that supply chain attacks aimed at upstream open source public repositories registered a whopping 650% year on year increase in 2021.

    Npm isn't immune to these infiltrations, and Sonatype has previously shared that its automated systems have identified over 12000 suspicious and
    malicious npm packages since 2019.

    What's interesting about these newly flagged (and subsequently removed) packages is that they didn't employ any of the usual ploys to trick developers into installing them.

    "It isn't clear how the author of these packages aims to target developers. There are no obvious signs observed that indicate a case of typosquatting or dependency hijacking. Klow(n) does impersonate the legitimate UAParser.js library on the surface, making this attack seem like a weak brandjacking attempt," observe the researchers.
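    The distinction the researchers draw above (typosquatting on a trusted name versus brandjacking, where an unrelated name borrows a trusted library's identity in its metadata) can be turned into a simple dependency lint pass. The code below is an added example written for this post, not Sonatype's detector or anything from the npm registry; the trusted list, brand words, and the package metadata it checks are constructed sample data.

```javascript
// Constructed sample: a few packages as they might appear in a lockfile review.
const SAMPLE_DEPS = [
  { name: 'ua-parser-js', description: 'Detect browser and OS from a UA string' },
  { name: 'expres', description: 'Fast web framework' },
  { name: 'klown', description: 'Klown - a fork of the UAParser.js user agent parser' },
  { name: 'klow', description: 'misc helpers', keywords: [] },
];

// Names and brand words an organisation already trusts (assumed policy input).
const TRUSTED = ['ua-parser-js', 'lodash', 'express'];
const BRAND_WORDS = ['uaparser', 'ua-parser', 'lodash', 'express'];

// Classic edit distance, used to spot names one or two keystrokes from a trusted one.
function levenshtein(a, b) {
  const dp = Array.from({ length: a.length + 1 }, (_, i) => [i]);
  for (let j = 1; j <= b.length; j++) dp[0][j] = j;
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      dp[i][j] = Math.min(
        dp[i - 1][j] + 1,
        dp[i][j - 1] + 1,
        dp[i - 1][j - 1] + (a[i - 1] === b[j - 1] ? 0 : 1),
      );
    }
  }
  return dp[a.length][b.length];
}

function classify(pkg) {
  const name = pkg.name.toLowerCase();
  if (TRUSTED.includes(name)) return 'trusted';
  // Typosquatting: the name itself is a near miss of a trusted package.
  if (TRUSTED.some((t) => levenshtein(name, t) <= 2)) return 'typosquat-candidate';
  // Brandjacking: the name is unrelated, but description/keywords invoke a trusted brand.
  const text = `${pkg.description || ''} ${(pkg.keywords || []).join(' ')}`
    .toLowerCase()
    .replace(/[^a-z0-9-]/g, ' ');
  if (BRAND_WORDS.some((w) => text.includes(w))) return 'brandjack-candidate';
  // Nothing matched: not known good, not an obvious ploy, so it needs a human look.
  return 'unreviewed';
}

function auditDependencies(pkgs) {
  return pkgs.map((p) => ({ name: p.name, verdict: classify(p) }));
}
```

    Note that klow, like the real package, yields no signal at all from name or metadata, which is exactly why the article calls the author's intentions unclear.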

    Sonatype says it is now expanding the malware detection capabilities that caught the packages in npm to other ecosystems as well, such as PyPI.



    ======================================================================
    Link to news story: https://www.techradar.com/news/malware-authors-have-again-managed-to-sneak-malicious-libraries-into-npm/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)