Hackers Created 250 npm Packages, Mimicking Popular AWS And Microsoft Projects


Hackers target and abuse npm packages to inject malicious code into widely used software libraries, reaching many developers and applications.

Sonatype security researchers recently identified more than 250 npm packages that mimic popular AWS, Microsoft, and other open-source projects.

A Russian hacker who alleges to be a bug bounty hunter is responsible for creating these malicious packages, which contain active reverse shell and RCE exploits.

Scan Your Business Email Inbox to Find Advanced Email Threats - Try AI-Powered Free Threat Scan

Fake npm Packages

This development has raised questions concerning the ethical grey area between cybersecurity research and cybercrimes, as Telegram offers malicious packages on sale.

Russian seller (Source – Sonatype)

This case exposes the continuing supply chain security problem and demonstrates how package management must be handled with care always.

The Sonatype research team found 260 npm packages imitating Microsoft, Amazon, and other authentic libraries.

These packages came out shortly after the official releases of the real ones and contained loopholes for reverse shell and dependency confusion attacks.

Even though they hold themselves as “bugbounty test,” these packages have major security implications.

This event which was named sonatype-2024-2066 is a perfect example of the continuing problem in supply chain security and how closely security research can sometimes resemble an act of swindle within npm ecosystem.

Numerous npm packages were created by a Russian hacker who seems to have had a presence on ethical hacking platforms.

Dependency confusion exploits, and remote code execution payloads are some of the malicious code contained in these packages.

The author, in turn, raises questions about his or her ethical intentions by selling such exploits.

Other packages just demonstrate successful attacks against unsuspicious organizations, consequently pointing out the dangers of typosquatting and spreading harmful packages via open-source ecosystems.

Sonatype found malicious packages designed to target AI and LLM developers and Microsoft technology-dependent organizations on the npm registry.

This followed similar PyPl attacks, which also showed a pattern of threat actors exploiting open-source registries for broad-based attacks.

Unlike adversarial actions, ethical security research is carried out through legitimate disclosure channels.

Stay in the loop with the latest cybersecurity by following us on Linkedin and X for daily updates!



Source link