IconBurst attack offers malicious versions of NPM packages
Researchers at ReversingLabs have reported an attack on the NPM supply chain, active since December 2021, in which dozens of malicious NPM modules containing obfuscated JavaScript code were used to compromise hundreds of desktop applications and websites.
The attack, dubbed IconBurst, relied on typosquatting: packages were published to public repositories under names that resemble, or are common misspellings of, legitimate packages. The investigation counted a total of 27,000 downloads of these malicious packages.
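As an added example (not code from the ReversingLabs report or from any of the cited articles), the following script shows the kind of check a defender can run over a project's package.json to surface look-alike dependency names before they are installed; the KNOWN_PACKAGES allow-list and the sample manifest are constructed for illustration.

```javascript
// Added example (not code from the ReversingLabs report or the cited articles):
// flag dependencies whose name is within a small edit distance of a well-known
// package without matching it, the look-alike pattern IconBurst relied on.
// KNOWN_PACKAGES and the sample manifest are constructed, not a real allow-list.
const KNOWN_PACKAGES = ["ionicons", "lodash", "express", "react", "axios"];

// Constructed package.json: one legitimate dependency and two look-alikes.
const SAMPLE_PACKAGE_JSON = JSON.stringify({
  name: "demo-app",
  dependencies: { lodash: "^4.17.21", loadash: "^1.0.0" },
  devDependencies: { ionicon: "^0.0.3" },
});

// Levenshtein distance with a single rolling row (insert/delete/substitute).
function editDistance(a, b) {
  const row = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let diag = row[0];       // holds row[i-1][j-1] for the next cell
    row[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const above = row[j];  // still holds row[i-1][j]
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      row[j] = Math.min(above + 1, row[j - 1] + 1, diag + cost);
      diag = above;
    }
  }
  return row[b.length];
}

// Returns [{ name, lookalike, distance }] for every dependency (runtime or dev)
// that is not itself a known package but sits within maxDistance of one.
function findTyposquatCandidates(packageJsonText, known = KNOWN_PACKAGES, maxDistance = 2) {
  const manifest = JSON.parse(packageJsonText);
  const deps = { ...(manifest.dependencies || {}), ...(manifest.devDependencies || {}) };
  const knownSet = new Set(known.map((n) => n.toLowerCase()));
  const hits = [];
  for (const rawName of Object.keys(deps)) {
    const name = rawName.toLowerCase();
    if (knownSet.has(name)) continue;  // exact match: the genuine package
    let best = null;
    for (const candidate of knownSet) {
      const distance = editDistance(name, candidate);
      if (distance <= maxDistance && (best === null || distance < best.distance)) {
        best = { name: rawName, lookalike: candidate, distance };
      }
    }
    if (best) hits.push(best);
  }
  return hits;
}
```

Running `findTyposquatCandidates(SAMPLE_PACKAGE_JSON)` flags `loadash` and `ionicon` while leaving the genuine `lodash` untouched; a hit is a prompt for review, not proof of malice, since legitimate forks and short names can also fall within the distance threshold.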
References:
- 05/07/2022 bleepingcomputer.com NPM supply-chain attack impacts hundreds of websites and apps
- 05/07/2022 thehackernews.com Researchers Uncover Malicious NPM Packages Stealing Data from Apps and Web Forms
- 06/07/2022 blog.malwarebytes.com IconBurst software supply chain attack offers malicious versions of NPM packages
- 08/07/2022 unaaldia.hispasec.com Researchers discover malicious NPM packages that steal data from applications and web forms