- An npm package maintainer has been the victim of a phishing attack
- The attackers accessed the packages and updated them to carry malware
- Most antivirus programs are still not flagging the malicious DLL correctly
Several popular npm packages with millions of weekly downloads were targeted and used as a launch pad for malware deployment after a maintainer fell for a phishing attack.
JounQin is a software developer who maintains eslint-config-prettier, eslint-plugin-prettier, synckit, @pkgr/core, and napi-postinstall.
These packages help integrate code formatting with Prettier and ESLint, manage async-to-sync tasks in Node.js, handle native binary installation, and support core utilities for bundling workflows.
Publishing a clean version
Prettier is a code formatting tool that automatically enforces formatting by rewriting source code. ESLint, on the other hand, is a static code analysis tool that scans JavaScript and TypeScript code for bugs, styling problems, and potential security flaws without running the code.
They recently received an email from a support@npmjs.com address asking them to “confirm” their account. They did so, and thus handed the attackers their login credentials. Once the attackers had access, they used it to publish versions 8.10.1, 9.1.1, 10.1.6, and 10.1.7 of the eslint-config-prettier package. The community quickly saw that something was wrong and informed the developer.
It was determined that the malicious versions run a postinstall script as soon as they are installed. This script tries to execute a DLL through the Windows rundll32 system process; the DLL is now being flagged as a trojan.
The majority of antivirus programs are still not flagging it. So far, only 19 out of 72 engines have been calling this DLL malicious.
“I have deleted this NPM token and will publish a new version ASAP,” the maintainer said after realizing that they had been compromised. “Thank you all, and I apologize for my carelessness.”
Here is a list of malicious packages that should be avoided:
eslint-config-prettier versions 8.10.1, 9.1.1, 10.1.6, and 10.1.7
eslint-plugin-prettier versions 4.2.2 and 4.2.3
synckit version 0.11.9
@pkgr/core version 0.2.8
napi-postinstall version 0.3.1
Via BleepingComputer
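To check a project against the versions listed above, the following added example (not code from the article or from the affected projects) scans a parsed package-lock.json, including nested copies and the older lockfile layout. It assumes the npm registry spellings of the package names, and the sample lockfile is constructed for illustration.

```javascript
// Compromised versions as listed in the article (registry spellings assumed).
const COMPROMISED = {
  "eslint-config-prettier": ["8.10.1", "9.1.1", "10.1.6", "10.1.7"],
  "eslint-plugin-prettier": ["4.2.2", "4.2.3"],
  "synckit": ["0.11.9"],
  "@pkgr/core": ["0.2.8"],
  "napi-postinstall": ["0.3.1"],
};

const isBad = (name, version) =>
  Object.hasOwn(COMPROMISED, name) && COMPROMISED[name].includes(version);

// Takes a parsed package-lock.json (lockfileVersion 1, 2 or 3) and returns
// every installed copy, nested ones included, that matches the list.
function findCompromised(lock) {
  const hits = [];
  // v2/v3: flat "packages" map keyed by install path.
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (!path) continue; // "" is the root project itself
    const name = entry.name || path.split("node_modules/").pop();
    if (isBad(name, entry.version)) hits.push({ name, version: entry.version, path });
  }
  // v1 (and the v2 compatibility copy): nested "dependencies" tree.
  const walk = (deps, trail) => {
    for (const [name, entry] of Object.entries(deps || {})) {
      const path = `${trail}node_modules/${name}`;
      const seen = hits.some((h) => h.path === path);
      if (isBad(name, entry.version) && !seen) hits.push({ name, version: entry.version, path });
      walk(entry.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, "");
  return hits;
}

// Constructed sample lockfile (not from a real project).
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/eslint-config-prettier": { version: "10.1.7" },
    "node_modules/eslint-plugin-prettier": { version: "4.2.1" },
    "node_modules/@pkgr/core": { version: "0.2.8" },
    "node_modules/foo/node_modules/synckit": { version: "0.11.9" },
    "node_modules/napi-postinstall": { version: "0.3.0" },
  },
};
console.log(findCompromised(SAMPLE_LOCK));
```

For a real project, pass the result of `JSON.parse` on the contents of package-lock.json to `findCompromised`; any hit means the malicious postinstall script may already have run on machines that installed from that lockfile.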


