Another popular npm package infected with malware
In an audacious incident, threat actors hijacked the account of the developer of a widely used JavaScript library, UAParser.js, and replaced the legitimate code with a malicious version carrying malware and trojans.
The library's developer, Faisal Salman, noticed something was off when his inbox was flooded with spam messages.
"I believe someone was hijacking my npm account and published some compromised packages (0.7.29, 0.8.0, 1.0.0) which will probably install malware," was Salman's first reaction as he yanked the library and asked users to revert to a previous release.
UAParser.js is used by the likes of Facebook, Apple, Amazon, Microsoft, IBM, and many more, and clocks between 6-7 million downloads weekly.
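To act on the rollback advice above, a defender needs to know whether a project's lockfile pinned one of the three compromised versions. The following is an added example, not code from the article or from the UAParser.js project: it scans an npm package-lock.json (lockfileVersion 1 nested tree, or the lockfileVersion 2/3 "packages" map) for ua-parser-js entries matching those versions, including copies nested under other dependencies. The sample lockfile is constructed for the demo.

```javascript
// Versions the article reports were published from the hijacked account.
const COMPROMISED_UA_PARSER_VERSIONS = new Set(["0.7.29", "0.8.0", "1.0.0"]);
const PACKAGE_NAME = "ua-parser-js";

// Returns every install path in the lockfile that resolves ua-parser-js to a
// compromised version. Handles both lockfile shapes: v2/v3 carry a flat
// "packages" map keyed by install path; v1 carries a nested "dependencies"
// tree. v2 files contain both, so "dependencies" is only walked when
// "packages" is absent to avoid double-reporting.
function findCompromisedUaParser(lock) {
  const hits = [];
  if (lock.packages) {
    for (const [path, entry] of Object.entries(lock.packages)) {
      if (path.endsWith("node_modules/" + PACKAGE_NAME) &&
          COMPROMISED_UA_PARSER_VERSIONS.has(entry.version)) {
        hits.push({ path, version: entry.version });
      }
    }
    return hits;
  }
  const walk = (deps, prefix) => {
    for (const [name, entry] of Object.entries(deps || {})) {
      const path = prefix + "node_modules/" + name;
      if (name === PACKAGE_NAME && COMPROMISED_UA_PARSER_VERSIONS.has(entry.version)) {
        hits.push({ path, version: entry.version });
      }
      // Nested dependencies live under their parent's node_modules directory.
      walk(entry.dependencies, path + "/");
    }
  };
  walk(lock.dependencies, "");
  return hits;
}

// Constructed lockfile: one direct compromised copy, one clean nested copy.
const SAMPLE_LOCK = {
  lockfileVersion: 2,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/ua-parser-js": { version: "0.7.29" },
    "node_modules/some-lib": { version: "2.1.0" },
    "node_modules/some-lib/node_modules/ua-parser-js": { version: "0.7.28" },
  },
};

// Prints [{ path: "node_modules/ua-parser-js", version: "0.7.29" }]
console.log(findCompromisedUaParser(SAMPLE_LOCK));
```

In a real project, read package-lock.json from disk with JSON.parse and feed it to findCompromisedUaParser; an empty result means none of the three versions were pinned.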
Attacking developers
While attackers have previously abused public repositories to push malicious software and malware, these attacks have been restricted to typosquatting or dependency hijacking.
These are attacks where the authors of the malicious libraries hope to capitalize on downstream developers accidentally installing their malware-riddled library by misspelling the name of the original library. In fact, just last week, Sonatype researchers shared details about their efforts to rid npm of such malicious libraries.
Incidentally, one of the recent malicious libraries Sonatype helped take down last week, named Klow(n), was set up impersonating UAParser.js, in what was tagged as a "weak brandjacking attempt."
Nevertheless, hijacking a developer's account to replace genuine code with a malicious one is much more serious, especially when the target is as popular as UAParser.js.
According to The Register, analysis of the malicious library revealed that it downloaded scripts from a remote host, including a cryptominer and an information-stealing trojan that could steal credentials from the operating system and web browsers, and could lead to all kinds of identity theft incidents.
Soon after he pulled the offending library, Salman uploaded new, clean releases, urging users to update.
The incident even led the US Cybersecurity and Infrastructure Security Agency (CISA) to publish a security alert, owing to the library's popularity.
Source: https://www.techradar.com/news/another-popular-npm-package-infected-with-malware