Hackers from North Korea suspected of being behind a new wave of malicious npm packages


Another targeted attack against the npm package registry has been discovered.

This time, the attacker focuses on convincing developers to download malicious JavaScript files instead of the legitimate ones they’ve uploaded to npm.

The attack chain commences with the discovery of a typosquat version of a popular Ethereum package on npm that’s engineered to make an HTTP request to a Chinese server (wallet.cba123[.js]).

When this JavaScript file runs, it in turn executes another JavaScript file named app.js.

This completes the chain of events seen in the image above.

In addition, attackers have also targeted the npm registry with similar ads designed to entice unsuspecting developers into downloading malevolent modules.

Interestingly, these packages were uploaded between August 9 and 12, 2023.
