UAParser.js npm package hacked: Facebook, Apple, Amazon, Microsoft, Slack, IBM, HPE, Dell, Mozilla, Reddit at risk

A very popular JavaScript library (npm package) was hacked and modified with code that downloads and installs a cryptocurrency miner on systems running the compromised versions.


The incident was detected on Friday, October 22. It affects UAParser.js, a JavaScript library for parsing browser user-agent strings.
According to the library's official website it is used by many large companies such as Facebook, Apple, Amazon, Microsoft, Slack, IBM, HPE, Dell, Shopify, Reddit and many others among Silicon Valley's elite.

The library has between 6 and 7 million weekly downloads, according to its npm page.

  • The compromised versions are 0.7.29, 0.8.0 and 1.0.0; the corresponding clean releases are 0.7.30, 0.8.1 and 1.0.1.
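A quick way to check whether a project pulled in one of the three compromised releases is to scan its package-lock.json for ua-parser-js at those exact versions (the package may be nested under another dependency rather than a direct one). The script below is an added example and is not code from the article or from the UAParser.js project; the lockfiles it scans are constructed inline, and it handles both the flat "packages" map of lockfile v2/v3 and the nested "dependencies" tree of lockfile v1.

```javascript
// Added example: find compromised ua-parser-js releases in an npm lockfile.
// Version list taken from the advisory; mapping to the clean release is
// the one given in the article.
const PACKAGE = 'ua-parser-js';
const COMPROMISED = new Map([
  ['0.7.29', '0.7.30'],
  ['0.8.0', '0.8.1'],
  ['1.0.0', '1.0.1'],
]);

// lockfileVersion 2/3 keeps a flat "packages" map keyed by install path;
// lockfileVersion 1 keeps a nested "dependencies" tree. v2 also carries a
// legacy "dependencies" block, so prefer "packages" when present to avoid
// reporting the same install twice.
function findCompromised(lock) {
  const hits = [];
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      // The package name is the last "node_modules/" segment of the path.
      const name = meta.name || path.split('node_modules/').pop();
      if (name === PACKAGE && COMPROMISED.has(meta.version)) {
        hits.push({ path, version: meta.version, fixed: COMPROMISED.get(meta.version) });
      }
    }
  } else if (lock.dependencies) {
    walkV1(lock.dependencies, 'node_modules', hits);
  }
  return hits;
}

function walkV1(deps, prefix, hits) {
  for (const [name, meta] of Object.entries(deps)) {
    const path = `${prefix}/${name}`;
    if (name === PACKAGE && COMPROMISED.has(meta.version)) {
      hits.push({ path, version: meta.version, fixed: COMPROMISED.get(meta.version) });
    }
    if (meta.dependencies) walkV1(meta.dependencies, `${path}/node_modules`, hits);
  }
}

// Constructed sample lockfiles (not real project data).
// v2: a direct dependency on a compromised release, plus a nested clean one.
const SAMPLE_LOCK_V2 = {
  lockfileVersion: 2,
  packages: {
    '': { name: 'demo-app', version: '1.0.0', dependencies: { 'ua-parser-js': '^0.7.28' } },
    'node_modules/ua-parser-js': { version: '0.7.29' },
    'node_modules/some-lib': { version: '2.0.0', dependencies: { 'ua-parser-js': '^1.0.0' } },
    'node_modules/some-lib/node_modules/ua-parser-js': { version: '1.0.1' },
  },
};
// v1: clean direct dependency, compromised release nested under some-lib.
const SAMPLE_LOCK_V1 = {
  lockfileVersion: 1,
  dependencies: {
    'ua-parser-js': { version: '0.7.30' },
    'some-lib': {
      version: '2.0.0',
      requires: { 'ua-parser-js': '^1.0.0' },
      dependencies: { 'ua-parser-js': { version: '1.0.0' } },
    },
  },
};

// Run against a real lockfile: node scan.js path/to/package-lock.json
if (typeof require === 'function' && require.main === module && process.argv[2]) {
  const fs = require('fs');
  const lock = JSON.parse(fs.readFileSync(process.argv[2], 'utf8'));
  for (const h of findCompromised(lock)) {
    console.log(`${h.path}: ${PACKAGE}@${h.version} is compromised, upgrade to ${h.fixed}`);
  }
}
```

`npm ls ua-parser-js` gives the same answer for an installed tree. Note that a clean lockfile today only says what is pinned now: the malicious code ran from the package's install-time script, so a machine that ever installed one of the three versions needs the full remediation described further down, not just an upgrade.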

"I think someone has compromised my npm account and released some compromised packages (0.7.29, 0.8.0, 1.0.0) which will most likely install malware," said Faisal Salman, author of the UAParser.js library.

A few hours after the hack, Salman removed the compromised versions of the library and released clean ones.

Analysis of the malicious code revealed additional scripts that download and run binaries from a remote server. Binaries were found for both Linux and Windows. Windows users reported that Defender blocked the binaries, detecting them as Trojan:Win32/Ceprolad.A.

Because of the large number of downloads and the large companies using the library, the US Cybersecurity and Infrastructure Security Agency (CISA) intervened and issued a security alert late Friday night about the incident, urging users to update to the clean versions.

npm's security team also reported the incident and advises developers to treat it seriously, urging an immediate reset of passwords.

Any computer that has this package installed or running should be considered fully compromised. The package must be removed, but since full control of the machine may have been handed to an external party, there is no guarantee that removing the package will remove all of the malware.

iGuRu.gr


Written by giorgos
