Another popular npm package infected with malware

On a risky occasion, risk actors hijacked the account of the developer of an extensively used JavaScript library, UAParser.ja, to substitute the genuine code with a malevolent one permeated with malware and Trojans.

Faisal Salman the developer of the library observed something was off when email was engulfed by spam messages.

The first reaction of Salman was “I consider someone was hijacking my npm account and distributed some compromised packages like 0.7.29, 0.8.0 and 1.0.0 which will perhaps install malware, he also pulled the library and asked other users to revert to a preceding announcement.

The UAParser.js is used by big firms like Facebook, Apple, Microsoft, IBM, Amazon and many more, and clocks around 6-7 million downloads every week.


Attacking developers on Malware

Though attackers have formerly attacked public sources to push malevolent software and malware, these attacks have been limited to typo bending or reliance hijacking.

These are attacks where the writers of the malevolent libraries hope to take benefit of downstream developers unintentionally installing their malware-riddled archive by mistake the forename of the original archive. In fact, just last week, SonaType investigators united particulars about their exertions to rid such malevolent archives from npm.

Parenthetically, one of the new malicious public library SonaType assisted eradicate last week, named Klow(n), was found mimicking UAParser.js, in what was labelled as a “weak brandjacking attempt.”

However, hijacking a developer’s account to exchange original code with a mephitic one, is a lot more severe, particularly when the objective is as widespread as UAParser.js.

According to The Record, an investigation of the malevolent library exposed that it copied scripts from a remote server, comprising a crypto miner and an info robbery Trojan that might steal credentials from the operating systems and the web browsers, and could lead to all kinds of events of distinctiveness thefts.

Soon after he dragged the upsetting library, Salman uploaded fresh cleaner discharges to influence users to modernise.

This happening straight led the US Cybersecurity and Infrastructure Safety Agency (CISA) to publish a security alert, owing to the library’s popularity.

Also Read: Twitter Doesn’t Know Why Its Algorithms Amplify Right-Leaning Political Content

Leave a Comment