malicious

now browsing by tag

 
 

Malicious npm package taken down after Microsoft warning – Naked Security

Source: National Cyber Security – Produced By Gregory Evans

Criminals have been caught trying to sneak a malicious package on to the popular Node.js platform npm (Node Package Manager).

The problem package, 1337qq-js, was uploaded to npm on 31 December, after which it was downloaded at least 32 times according to figures from npm-stat.

According to a security advisory announcing its removal, the package’s suspicious behaviour was first noticed by Microsoft’s Vulnerability Research team, which reported it to npm on 13 January 2020:

The package exfiltrates sensitive information through install scripts. It targets UNIX systems.

The data it steals includes:

  • Environment variables
  • Running processes
  • /etc/hosts
  • uname -a
  • npmrc file

Any of these could lead to trouble, especially the theft of environment variables which can include API tokens and, in some cases, hardcoded passwords.

Anyone unlucky enough to have downloaded this will need to rotate those as a matter of urgency in addition to de-installing 1337qq-js itself.