- An npm package maintainer has fallen victim to a phishing attack
- The attackers gained access to packages and updated them to carry malware
- Most antivirus programs still do not correctly flag the malicious DLL
Several popular npm packages with millions of weekly downloads were targeted, and one was used as a launchpad for malware deployment, after their maintainer fell prey to a phishing attack.
JounQin is a software developer who maintains eslint-config-prettier, eslint-plugin-prettier, synckit, @pkgr/core and napi-postinstall.
These packages help integrate and streamline code formatting with Prettier and ESLint, manage async-to-sync tasks in Node.js, handle native binary installations and support core tools for bundling workflows.
Release of a clean version
Prettier is a code formatting tool that enforces consistent style by automatically reformatting source code. ESLint, on the other hand, is a static code analysis tool that scans JavaScript and TypeScript code for errors, style problems and potential security errors without running the code.
They recently received an email that spoofed the [email protected] account and asked them to “verify” their account. They did, and thus gave the attackers their login credentials. Once the attackers gained access, they used it to publish versions 8.10.1, 9.1.1, 10.1.6 and 10.1.7 of the package eslint-config-prettier. The community quickly discovered that something was wrong and informed the developer.
It was determined that the malicious versions run a postinstall script as soon as they are installed. This script tries to execute a DLL, now flagged as a Trojan, via the rundll32 Windows system process.
Most antivirus programs still do not flag this DLL as malware. So far, only 19 out of 72 engines detect it as malicious.
“I’ve deleted the NPM token and will publish a new version ASAP,” JounQin said after realizing they were compromised. “Thank you all, and sorry for my negligence.”
Here is a list of the malicious package versions to avoid:
- eslint-config-prettier versions 8.10.1, 9.1.1, 10.1.6 and 10.1.7
- eslint-plugin-prettier versions 4.2.2 and 4.2.3
- synckit version 0.11.9
- @pkgr/core version 0.2.8
- napi-postinstall version 0.3.1
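To check whether a project resolved any of the versions listed above, the following added example (not from the article or from npm) walks a parsed `package-lock.json` in both the flat `packages` layout and the older nested `dependencies` layout. Package names are written in their npm registry spelling, and the sample lockfile is constructed for illustration.

```javascript
// Names and versions are the ones listed in this article.
const COMPROMISED = {
  "eslint-config-prettier": ["8.10.1", "9.1.1", "10.1.6", "10.1.7"],
  "eslint-plugin-prettier": ["4.2.2", "4.2.3"],
  "synckit": ["0.11.9"],
  "@pkgr/core": ["0.2.8"],
  "napi-postinstall": ["0.3.1"],
};
const isBad = (name, version) => (COMPROMISED[name] || []).includes(version);

// Lockfile v2/v3: flat "packages" map keyed by install path. The package
// name is what follows the last "node_modules/" (scoped names keep their
// "/"); an explicit "name" field wins, since npm writes it for aliases.
function scanPackages(packages) {
  const hits = [];
  for (const [path, meta] of Object.entries(packages)) {
    const idx = path.lastIndexOf("node_modules/");
    if (idx === -1) continue; // root project or workspace entry
    const name = meta.name || path.slice(idx + "node_modules/".length);
    if (isBad(name, meta.version)) hits.push({ name, version: meta.version, path });
  }
  return hits;
}

// Lockfile v1: nested "dependencies" tree, walked recursively so that
// transitive copies are reported with the chain that pulled them in.
function scanDependencies(deps = {}, trail = []) {
  const hits = [];
  for (const [name, meta] of Object.entries(deps)) {
    const path = [...trail, name].join(" > ");
    if (isBad(name, meta.version)) hits.push({ name, version: meta.version, path });
    hits.push(...scanDependencies(meta.dependencies, [...trail, name]));
  }
  return hits;
}

// v2 lockfiles carry both sections; prefer "packages" to avoid duplicates.
function findCompromised(lock) {
  return lock.packages ? scanPackages(lock.packages) : scanDependencies(lock.dependencies);
}

// Constructed sample in lockfile v3 shape, not a real project's lockfile.
const SAMPLE_LOCK = { lockfileVersion: 3, packages: {
  "": { name: "demo", version: "1.0.0" },
  "node_modules/eslint-config-prettier": { version: "10.1.7" },
  "node_modules/eslint-plugin-prettier/node_modules/synckit": { version: "0.11.9" },
  "node_modules/@pkgr/core": { version: "0.2.9" },
} };
for (const h of findCompromised(SAMPLE_LOCK)) console.log(`${h.name}@${h.version} (${h.path})`);
```

For a real project, pass `JSON.parse` of the contents of `package-lock.json` to `findCompromised`. A hit means the malicious postinstall script may already have run on any Windows machine that installed from that lockfile.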
Via BleepingComputer



