Close Menu
Indo Guard OnlineIndo Guard Online
  • Home
  • Cyber Security
  • Risk Management
  • Travel
  • Security News
  • Tech
  • More
    • Data Privacy
    • Data Protection
    • Global Security
What's Hot

New Mattery Model for Browser Safety: Closing Risk in Last Mile

July 1, 2025

Google Patches Critical Lack of Zero Day in the V8 Chrome engine after active operation

July 1, 2025

US arrests in North Korean IT -Work scheme; Captures 29 domains and raids 21 laptops

July 1, 2025
Facebook X (Twitter) Instagram
Facebook X (Twitter) Instagram YouTube
Indo Guard OnlineIndo Guard Online
Subscribe
  • Home
  • Cyber Security
  • Risk Management
  • Travel
  • Security News
  • Tech
  • More
    • Data Privacy
    • Data Protection
    • Global Security
Indo Guard OnlineIndo Guard Online
Home » Trojanized jQuery packages found in the npm, GitHub, and jsDelivr code repositories
Global Security

Trojanized jQuery packages found in the npm, GitHub, and jsDelivr code repositories

AdminBy AdminJuly 9, 2024No Comments2 Mins Read
Trojanized jQuery Packages
Share
Facebook Twitter LinkedIn Pinterest Email Copy Link


July 9, 2024Information hallSupply Chain Attack / Cybersecurity

Trojanized jQuery packages

Unknown threat actors were found to be distributing trojanized versions jQuery on npm, GitHub and jsDelivr in what appears to be an instance of a “sophisticated and persistent” supply chain attack.

“This attack stands out for its high variability between packets,” Phylum said in an analysis published last week.

“The attacker cleverly hid the malware in a rarely used”the end‘ a jQuery function that is called internally by the more popular ‘fadeTo‘ from its animation utility.”

Cyber ​​security

68 packages are tied to the promotion. They were published to the npm registry between May 26 and June 23, 2024, using names such as cdnjquery, footersicons, jquertyi, jqueryxxx, logoo, and sytlesheets, among others.

There is evidence to suggest that each of the fake packages was compiled and published manually due to the large number of packages published from different accounts, name differences, the inclusion of personal files, and the long period of time over which they were uploaded.

This differs from other common techniques where attackers tend to follow a predefined pattern that emphasizes the automation element involved in creating and publishing packages.

The malicious modification, according to the type, was made to a feature called “end” that allows a threat actor to steal website form data to a remote URL.

Further investigation revealed that the trojanized jQuery file resides in a GitHub repository associated with an account named “index.” Also present in the same repository are JavaScript files containing a script that points to a modified version of the library.

Cyber ​​security

“It’s worth noting that jsDelivr creates these GitHub URLs automatically without the need to upload anything to the CDN explicitly,” Fillum said.

“This is likely an attacker’s attempt to make the source look more legitimate or to sneak past a firewall using jsDelivr instead of downloading the code directly from GitHub itself.”

The development comes as Datadog identified a number of packages in the Python Package Index (PyPI) repository with capabilities to download a second-stage binary from an attacker-controlled server, depending on the processor architecture.

Did you find this article interesting? Follow us Twitter  and LinkedIn to read more exclusive content we publish.





Source link

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email Copy Link
Admin
  • Website

Related Posts

New Mattery Model for Browser Safety: Closing Risk in Last Mile

July 1, 2025

Google Patches Critical Lack of Zero Day in the V8 Chrome engine after active operation

July 1, 2025

US arrests in North Korean IT -Work scheme; Captures 29 domains and raids 21 laptops

July 1, 2025

Microsoft Removes Password Management from Authenticator app since August 2025

July 1, 2025

American agencies warn of Iranian protection cyber growth, OT networks and critical infrastructure

June 30, 2025

Europol demonstrates $ 540 million in cryptocurrency fraud, arrests five suspects

June 30, 2025
Add A Comment
Leave A Reply Cancel Reply

Loading poll ...
Coming Soon
Do You Like Our Website
: {{ tsp_total }}

Subscribe to Updates

Get the latest security news from Indoguardonline.com

Latest Posts

New Mattery Model for Browser Safety: Closing Risk in Last Mile

July 1, 2025

Google Patches Critical Lack of Zero Day in the V8 Chrome engine after active operation

July 1, 2025

US arrests in North Korean IT -Work scheme; Captures 29 domains and raids 21 laptops

July 1, 2025

Microsoft Removes Password Management from Authenticator app since August 2025

July 1, 2025

American agencies warn of Iranian protection cyber growth, OT networks and critical infrastructure

June 30, 2025

Europol demonstrates $ 540 million in cryptocurrency fraud, arrests five suspects

June 30, 2025

Slide

June 30, 2025

Pragmatic approach to NHI stocks

June 30, 2025
About Us
About Us

Provide a constantly updating feed of the latest security news and developments specific to Indonesia.

Facebook X (Twitter) Pinterest YouTube WhatsApp
Our Picks

New Mattery Model for Browser Safety: Closing Risk in Last Mile

July 1, 2025

Google Patches Critical Lack of Zero Day in the V8 Chrome engine after active operation

July 1, 2025

US arrests in North Korean IT -Work scheme; Captures 29 domains and raids 21 laptops

July 1, 2025
Most Popular

In Indonesia, crippling immigration ransomware breach sparks privacy crisis

July 6, 2024

Why Indonesia’s Data Breach Crisis Calls for Better Security

July 6, 2024

Indonesia’s plan to integrate 27,000 govt apps in one platform welcomed but data security concerns linger

July 6, 2024
© 2025 indoguardonline.com
  • Home
  • About us
  • Contact us
  • Privacy Policy

Type above and press Enter to search. Press Esc to cancel.