Supply-chain attacks on open source software are getting out of hand
Briefly

The npm and PyPI package ecosystems experienced significant supply-chain attacks in which four malicious packages were downloaded more than 56,000 times. The packages bundled surveillance capabilities such as keylogging, screen capture, and credential theft. In a third attack, an npm account was compromised after the attackers obtained an authentication token through phishing: the lure used a spoofed URL resembling the legitimate npm site to harvest developers' tokens. The incidents underline how little stands between a stolen maintainer credential or a malicious dependency and every project that installs from the registry.
Malicious packages published on npm and PyPI had been downloaded more than 56,000 times; they contained malware that enabled keylogging and other surveillance functions.
Socket termed the malware "surveillance malware", highlighting the covert observation and data-exfiltration tactics used in the malicious dependencies.
The attackers obtained a credential token through a targeted phishing attack, compromised an npm account with it, and uploaded malicious code under that account.
Phishing emails directed recipients to a typosquatted URL mimicking the official npm site in order to capture authentication tokens from unsuspecting developers.
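The token-phishing lure above works because a lookalike registry domain passes a quick glance. One check a practitioner can run over inbound mail or proxy logs is to flag any URL whose host imitates a package registry. The script below is an added example, not code from Socket, npm, or the Ars Technica article; the sample message and the lookalike domains in it are constructed for illustration, and the two-label public-suffix assumption in `registrable_domain` is a simplification (a real tool would consult the Public Suffix List).

```python
"""Flag lookalike (typosquatted) registry hostnames in URLs found in text.

Added illustration for the phishing described above; not code from Socket,
npm, or the Ars Technica article. Sample mail and domains are constructed.
"""
import re
from urllib.parse import urlparse

# Registry hosts a phishing link would try to imitate (assumption: the
# reader cares about these two ecosystems).
LEGIT_HOSTS = {"npmjs.com", "pypi.org"}

# Character sequences attackers swap in because they look alike.
CONFUSABLES = {"0": "o", "1": "l", "rn": "m", "vv": "w", "cl": "d"}

URL_RE = re.compile(r"https?://[^\s<>\"')\]]+", re.IGNORECASE)


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance; hostnames are short, so O(len(a)*len(b)) is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_domain(host: str) -> str:
    """'login.npnjs.com' -> 'npnjs.com'. Assumes a two-label public suffix."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def normalize_confusables(domain: str) -> str:
    """Fold look-alike characters so 'pypi.0rg' compares equal to 'pypi.org'."""
    for src, dst in CONFUSABLES.items():
        domain = domain.replace(src, dst)
    return domain


def classify_host(host: str) -> str:
    """Return 'legit', 'lookalike', or 'other' for one hostname."""
    host = host.lower().rstrip(".")
    dom = registrable_domain(host)
    if dom in LEGIT_HOSTS:
        return "legit"  # real registry host or a subdomain of it
    folded = normalize_confusables(dom)
    for legit in LEGIT_HOSTS:
        brand = legit.split(".")[0]
        # Confusable fold or single-character edit: npnjs.com, npmjs.co, pypi.0rg
        if folded == legit or levenshtein(dom, legit) <= 1:
            return "lookalike"
        # Brand embedded in a different registrable domain:
        # npmjs.com.account-verify.example, login-npmjs.com
        if brand in host:
            return "lookalike"
    return "other"


def scan_message(text: str) -> list[tuple[str, str]]:
    """Return (url, verdict) for every URL not on a legitimate registry host."""
    findings = []
    for url in URL_RE.findall(text):
        url = url.rstrip(".,;")  # drop sentence punctuation glued to the link
        host = urlparse(url).hostname or ""
        verdict = classify_host(host)
        if verdict != "legit":
            findings.append((url, verdict))
    return findings


# Constructed sample lure; the domains here are invented for the example.
SAMPLE_MAIL = """\
Subject: Action required: verify your npm account

Your publish token expires today. Sign in at
https://www.npnjs.com/login?token=reset to keep access, or read the
policy at https://docs.npmjs.com/ and https://npmjs.com.account-verify.example/.
"""

if __name__ == "__main__":
    for url, verdict in scan_message(SAMPLE_MAIL):
        print(f"{verdict:10s} {url}")
```

The brand-substring rule is deliberately aggressive: a host such as `pypiserver.example` is reported as a lookalike even though it may be benign. For a triage queue that is the right trade-off; tune `LEGIT_HOSTS` and `CONFUSABLES` to the registries and character set your organisation actually sees.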
Read at Ars Technica