- A popular NPM maintainer fell for a phishing attack, sharing login credentials with cybercriminals
- The attackers gained access to their NPM account and pushed malware through a popular package
- They were removed six hours later but users should still take care
Experts have warned that ‘is’, an NPM package with more than 2.8 million weekly downloads, was also compromised in the same way and served malware for about six hours.
This comes shortly after eslint-config-prettier, another popular NPM package, was compromised in a supply chain attack that caused it to deliver malware, after its maintainer, JounQin, received a legitimate-looking e-mail that spoofed the [email protected] account and asked them to log in.
The access was used to push versions 8.10.1, 9.1.1, 10.1.6 and 10.1.7 of the eslint-config-prettier package, which carried malware. Other compromised packages that belong to the same developer include eslint-plugin-prettier, synckit, @pkgr/core and napi-postinstall.
Backdoors and infostealers
Now, new reports claim that John Harband, maintainer of ‘is’, was also compromised in the same way. The attackers maintained access for about six hours, pushing versions 3.3.1 to 5.0.0, which contained malicious code.
‘is’ is a lightweight JavaScript utility library that basically helps check what kind of value something is.
For example, it can tell you if something is a number, a list or a word. It can also check if something is empty or whether two things are the same.
It is simple but rather popular, widely used as a low-level dependency in development tools, test libraries, build systems, and backend and CLI projects.
The malware inserted through these packages was a WebSocket-based backdoor that gave attackers remote code execution capabilities on compromised endpoints. The eslint one also dropped Scavenger, an infostealer that grabbed data stored in the web browser.
Via BleepingComputer
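A lockfile check for the versions named above, as an added example that is not part of the original article: it walks the `packages` map of a `package-lock.json` and reports any entry matching the listed releases, including nested copies pulled in as transitive dependencies. Assumptions: "versions 3.3.1 to 5.0.0" is read as an inclusive range, and `scanLock`, the status labels and the sample lockfile are constructed here.

```javascript
// Added example. Version numbers come from the article; the lockfile is constructed.
const EXACT = new Map([
  ['eslint-config-prettier', ['8.10.1', '9.1.1', '10.1.6', '10.1.7']],
]);
// Assumption: "versions 3.3.1 to 5.0.0" is read as an inclusive range.
const RANGE = new Map([['is', ['3.3.1', '5.0.0']]]);
// Named in the article without version numbers: flagged for manual review.
const REVIEW = new Set(['eslint-plugin-prettier', 'synckit', '@pkgr/core', 'napi-postinstall']);

// Compare x.y.z versions numerically; pre-release and build suffixes are ignored.
function cmp(a, b) {
  const pa = a.split(/[-+]/)[0].split('.').map(Number);
  const pb = b.split(/[-+]/)[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Walk the "packages" map of a package-lock.json (lockfileVersion 2 or 3).
function scanLock(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const idx = path.lastIndexOf('node_modules/');
    if (idx === -1 || !meta.version) continue; // root project or entry without version
    const name = path.slice(idx + 'node_modules/'.length);
    const range = RANGE.get(name);
    const affected = (EXACT.get(name) || []).includes(meta.version) ||
      (range && cmp(meta.version, range[0]) >= 0 && cmp(meta.version, range[1]) <= 0);
    if (affected) hits.push({ name, version: meta.version, path, status: 'affected' });
    else if (REVIEW.has(name)) hits.push({ name, version: meta.version, path, status: 'review' });
  }
  return hits;
}

// Constructed sample lockfile, not taken from any real project.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/eslint-config-prettier': { version: '10.1.7' },
    'node_modules/is': { version: '3.3.0' },
    'node_modules/some-tool/node_modules/is': { version: '4.0.0' },
    'node_modules/@pkgr/core': { version: '0.0.0-sample' },
    'node_modules/left-pad': { version: '1.3.0' },
  },
};
console.log(scanLock(sampleLock));
```

To check a real project, pass `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))` to `scanLock`; a `review` hit means the article names the package but gives no version, so compare it against the registry advisory.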



