Cybersecurity researchers have discovered several cryptocurrency packages in the NPM register that was hijacked for sensitive information about siphon, such as Variable environment from compromised systems.
“Some of these packages – Note. “However (…) the latest versions of each of these packages were loaded with persistent scenarios.”
The affected packages and their abducted versions are below –
- Map-Curve (2.1.8)
- BNB-Javascript-SDK-Nobroadcast (2.16.16)
- @Bithighlander/Bitcoin-Cash-JS-LIB (5.2.2)
- ESLINT-CONFIG-TRAVIX (6.3.1)
- @Crossway-Finance1/SDK-V2 (0.1.21)
- @KeepKey/Protocol (7.13.3)
- @Veniceswap/Uikit (0.65.34)
- @Veniceswap/ESLINT-CONFIG-TANE (1.6.2)
- Babel-Preset-Travix (1.2.1)
- @TRAVIX/UI-TEMES (1.1.5)
- @CoinMasters/Type (4.8.16)
Analysis of these safety chain safety software packages showed that they were poisoned by a heavily embarrassed code in two different scenarios: “Package/Scenario/Launch.js” and “Package/Script/Diagnostic-report.js”.
JavaScript code, which works immediately after installing packages, designed to collect sensitive data such as API keys, accesses, SSH keys and allocate them to a remote server (“eoi2ECTD5A5tn1h.m.pipedream (.) Pure”).
Interestingly, none of the GITHUB repositories related to libraries was changed to include the same changes, causing questions as participants in the threat behind the company, it was possible to push the malicious code. It is now unknown what the company is the final goal of.
“We suggest that the reason for the abduction to be old NPM accounts that are compromised, or through accounts (exactly where the threats repeat the names of users and passwords that are traced in preliminary violations to threaten accounting on other sites).
“Given the simultaneous timing of the attacks on several projects from various officials, the first scenario (absorption of accounts) appears to be more likely, unlike the good phishing attacks.”
The data obtained emphasize the need to secure the bills with two -factor authentication (2FA) to prevent absorption attacks. They also emphasize the problems related to the implementation of such safety guarantees when open source projects reach the end of life or are no longer supported.
“The case emphasizes the urgent need to improve the supply chain safety and greater vigilance in software monitoring,” Sharma said. “Organizations should prefer security at each stage of the development process to mitigate the risks associated with the dependence of other parties.”
