Close Menu
Indo Guard OnlineIndo Guard Online
  • Home
  • Cyber Security
  • Risk Management
  • Travel
  • Security News
  • Tech
  • More
    • Data Privacy
    • Data Protection
    • Global Security
What's Hot

Safe Coding Vibe: Full New Guide

June 19, 2025

Bluenoroff Deepfake Zoom AFM Hits Crypto employee with malicious MacOS software

June 19, 2025

Discover the areas hiding in trusted instruments – find out how in this free expert session

June 19, 2025
Facebook X (Twitter) Instagram
Facebook X (Twitter) Instagram YouTube
Indo Guard OnlineIndo Guard Online
Subscribe
  • Home
  • Cyber Security
  • Risk Management
  • Travel
  • Security News
  • Tech
  • More
    • Data Privacy
    • Data Protection
    • Global Security
Indo Guard OnlineIndo Guard Online
Home » Trojanized jQuery packages found in the npm, GitHub, and jsDelivr code repositories
Global Security

Trojanized jQuery packages found in the npm, GitHub, and jsDelivr code repositories

AdminBy AdminJuly 9, 2024No Comments2 Mins Read
Trojanized jQuery Packages
Share
Facebook Twitter LinkedIn Pinterest Email Copy Link


July 9, 2024Information hallSupply Chain Attack / Cybersecurity

Trojanized jQuery packages

Unknown threat actors were found to be distributing trojanized versions jQuery on npm, GitHub and jsDelivr in what appears to be an instance of a “sophisticated and persistent” supply chain attack.

“This attack stands out for its high variability between packets,” Phylum said in an analysis published last week.

“The attacker cleverly hid the malware in a rarely used”the end‘ a jQuery function that is called internally by the more popular ‘fadeTo‘ from its animation utility.”

Cyber ​​security

68 packages are tied to the promotion. They were published to the npm registry between May 26 and June 23, 2024, using names such as cdnjquery, footersicons, jquertyi, jqueryxxx, logoo, and sytlesheets, among others.

There is evidence to suggest that each of the fake packages was compiled and published manually due to the large number of packages published from different accounts, name differences, the inclusion of personal files, and the long period of time over which they were uploaded.

This differs from other common techniques where attackers tend to follow a predefined pattern that emphasizes the automation element involved in creating and publishing packages.

The malicious modification, according to the type, was made to a feature called “end” that allows a threat actor to steal website form data to a remote URL.

Further investigation revealed that the trojanized jQuery file resides in a GitHub repository associated with an account named “index.” Also present in the same repository are JavaScript files containing a script that points to a modified version of the library.

Cyber ​​security

“It’s worth noting that jsDelivr creates these GitHub URLs automatically without the need to upload anything to the CDN explicitly,” Fillum said.

“This is likely an attacker’s attempt to make the source look more legitimate or to sneak past a firewall using jsDelivr instead of downloading the code directly from GitHub itself.”

The development comes as Datadog identified a number of packages in the Python Package Index (PyPI) repository with capabilities to download a second-stage binary from an attacker-controlled server, depending on the processor architecture.

Did you find this article interesting? Follow us Twitter  and LinkedIn to read more exclusive content we publish.





Source link

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email Copy Link
Admin
  • Website

Related Posts

Safe Coding Vibe: Full New Guide

June 19, 2025

Bluenoroff Deepfake Zoom AFM Hits Crypto employee with malicious MacOS software

June 19, 2025

Discover the areas hiding in trusted instruments – find out how in this free expert session

June 19, 2025

Russian APT29 operates Gmail app passwords to get around 2FA in the target phishing campaign

June 19, 2025

Meta adds support to logy for Android and iOS users

June 19, 2025

Linux’s new drawbacks provide complete root access via PAM and Udisks in major distributions

June 19, 2025
Add A Comment
Leave A Reply Cancel Reply

Loading poll ...
Coming Soon
Do You Like Our Website
: {{ tsp_total }}

Subscribe to Updates

Get the latest security news from Indoguardonline.com

Latest Posts

Safe Coding Vibe: Full New Guide

June 19, 2025

Bluenoroff Deepfake Zoom AFM Hits Crypto employee with malicious MacOS software

June 19, 2025

Discover the areas hiding in trusted instruments – find out how in this free expert session

June 19, 2025

Russian APT29 operates Gmail app passwords to get around 2FA in the target phishing campaign

June 19, 2025

Meta adds support to logy for Android and iOS users

June 19, 2025

Linux’s new drawbacks provide complete root access via PAM and Udisks in major distributions

June 19, 2025

The new malicious company uses Cloudflare tunnels to deliver rats through phishing networks

June 18, 2025

1500+ Minecraft players infected with malicious Java software

June 18, 2025
About Us
About Us

Provide a constantly updating feed of the latest security news and developments specific to Indonesia.

Facebook X (Twitter) Pinterest YouTube WhatsApp
Our Picks

Safe Coding Vibe: Full New Guide

June 19, 2025

Bluenoroff Deepfake Zoom AFM Hits Crypto employee with malicious MacOS software

June 19, 2025

Discover the areas hiding in trusted instruments – find out how in this free expert session

June 19, 2025
Most Popular

In Indonesia, crippling immigration ransomware breach sparks privacy crisis

July 6, 2024

Why Indonesia’s Data Breach Crisis Calls for Better Security

July 6, 2024

Indonesia’s plan to integrate 27,000 govt apps in one platform welcomed but data security concerns linger

July 6, 2024
© 2025 indoguardonline.com
  • Home
  • About us
  • Contact us
  • Privacy Policy

Type above and press Enter to search. Press Esc to cancel.