![]() Initially, the coa compromise was spotted first after its new installation routine started crashing build pipelines for React-based applications. ![]() Once inside, the threat actor added a post-installation script to the original codebase, which it run a n obfuscated TypeScript, that would check for operating system details and download a Windows batch or Linux bash script.Īccording to a deobfuscated version of the Windows batch script, the compromised packages would download and run a DLL file that, according to Windows Defender, and others, contained a version of the Qakbot trojan. Compromised rc versions: 1.2.9, 1.3.9, 2.3.9.īoth packages were compromised around the same time and were the result of attackers gaining access to a package developer's account.Rc is a configuration loader with ~14.2 million weekly downloads.Coa is a command-line argument parser with ~8.8 million weekly downloads.The security team of the npm JavaScript package manager has warned users that two of its most popular packages had been hijacked by a threat actor who released new versions laced with what appeared to be password-stealing malware. Xamarinwatchos xamarinwatchos was computed.Malware found in coa and rc, two npm packages with 23M weekly downloads netstandard2.1 netstandard2.1 was computed. ![]() netstandard2.0 netstandard2.0 was computed. Netstandard1.6 netstandard1.6 is compatible. netcoreapp3.1 netcoreapp3.1 was computed. netcoreapp3.0 netcoreapp3.0 was computed. netcoreapp2.2 netcoreapp2.2 was computed. netcoreapp2.1 netcoreapp2.1 was computed. netcoreapp2.0 netcoreapp2.0 was computed. netcoreapp1.1 netcoreapp1.1 was computed. Netcoreapp1.0 netcoreapp1.0 was computed. net8.0-windows net8.0-windows was computed. net8.0-maccatalyst net8.0-maccatalyst was computed. ![]() net8.0-android net8.0-android was computed. net7.0-windows net7.0-windows was computed. net7.0-maccatalyst net7.0-maccatalyst was computed. net7.0-android net7.0-android was computed. net6.0-windows net6.0-windows was computed. net6.0-maccatalyst net6.0-maccatalyst was computed. net6.0-android net6.0-android was computed. net5.0-windows net5.0-windows was computed. Versions Compatible and additional computed target framework versions. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |