Friday, June 9, 2023

Researchers hijack popular npm package with millions of downloads

Latest News

A popular npm package that is downloaded more than 3.5 million times every week has been found vulnerable to an account takeover attack.

Illustria, a software supply chain security company, said in a report that "the package could be taken over by restoring the expired domain name and resetting the password for one of its maintainers."

Although npm limits users to a single active email address per account, the Israeli company says it was able to reset the maintainer's GitHub password using the restored domain.

Simply put, the attack gives the attacker access to the GitHub account associated with the package, which can then be used to publish a trojanized version to the npm registry and weaponize it for a supply chain attack at scale.

This is achieved by leveraging GitHub Actions workflows configured on the repository to automatically publish the package whenever new code changes are pushed.
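The precondition for the takeover described above is a maintainer email whose domain has lapsed. As an added example (not code from Illustria's report), here is a small Python check a defender can run over a package's maintainer list to flag addresses whose domain no longer resolves; the maintainer records and domain names are constructed for the example.

```python
import socket

# Constructed sample in the shape of `npm view <pkg> maintainers --json`.
# Names and domains are hypothetical, not taken from the report.
SAMPLE_MAINTAINERS = [
    {"name": "alice", "email": "alice@example.com"},
    {"name": "bob", "email": "bob@lapsed-maintainer-domain.invalid"},
    {"name": "carol", "email": "carol@example.org"},
]


def domain_of(email: str) -> str:
    """Return the lowercased domain part of an address, or '' if malformed."""
    _, sep, domain = email.rpartition("@")
    return domain.strip().lower() if sep and domain else ""


def domain_resolves(domain: str) -> bool:
    """Default resolver: does the domain have any A/AAAA record?

    This is only a heuristic. A registered mail-only domain may have just an
    MX record, and a resolving domain can still be close to expiry; confirm a
    hit with a registration (RDAP/WHOIS) lookup before acting on it.
    """
    try:
        socket.getaddrinfo(domain, None)
        return True
    except socket.gaierror:
        return False


def flag_dangling_maintainers(maintainers, resolves=domain_resolves):
    """Return maintainer entries whose email domain does not resolve.

    `resolves` is injectable so the check can be tested offline.
    """
    cache = {}  # resolve each distinct domain only once
    flagged = []
    for m in maintainers:
        domain = domain_of(m.get("email", ""))
        if not domain:
            flagged.append({**m, "reason": "malformed email"})
            continue
        if domain not in cache:
            cache[domain] = resolves(domain)
        if not cache[domain]:
            flagged.append({**m, "reason": f"domain {domain} does not resolve"})
    return flagged


if __name__ == "__main__":
    for entry in flag_dangling_maintainers(SAMPLE_MAINTAINERS):
        print(f"{entry['name']}: {entry['reason']}")
```

Any flagged maintainer is a candidate for the domain-restoration path the report describes, so the next step is to verify the registration status and ask the project to move that account to a domain it controls.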

Bogdan Kortnov, co-founder and CTO of Illustria, said:


Illustria did not disclose the name of the module, but noted that it contacted the maintainer, who took steps to secure the account.

This is not the first time developer accounts have been found vulnerable to hijacking in recent years. In May 2022, attackers registered an expired domain used by the maintainer of the ctx Python package to take control of the account and distribute a malicious version.
