1 min read

Malicious npm package exfiltrating data from UNIX systems

Alina BÎZGĂ

January 14, 2020

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Malicious npm package exfiltrating data from UNIX systems

A malicious JavaScript package was uploaded Dec. 30 2019 on the Node Package Manager (npm), the world”s largest software registry, containing over 800,000 code packages that developers use to write JavaScript applications.

The package, identified as 1337qq-js, was spotted stealing sensitive data through install scrips of Unix Systems. It marks the sixth-known incident to strike the npm repository in the past three years.

According to the analysis by the npm team, only Unix Systems are targeted, and the data it collects includes running processes, environment variables, uname –a, npmrc file and /etc/hosts.

So how can this malicious package affect its users? Well, some sensitive information such as hard-coded passwords and API access tokens are sometimes stored as environment variables in JavaScript web or mobile apps.

In recent years, similar security breaches have made it on the npm repository index. Most notably, in April 2017, npm was hit with the upload of 38 malicious libraries configured to steal environment details from projects that used them.

Luckily, the malicious package was successfully removed from the npm website after a two-week shelf life.

The npm repository for 1337qq-js now reads: “This package name is not currently in use, but was formerly occupied by another package. To avoid malicious use, npm is hanging on to the package name, but loosely, and we’ll probably give it to you if you want it.”

As a security measure, developers who downloaded or used the malicious JavaScript package are urged to remove it from their systems and reset any compromised passwords or credentials.

tags


Author



Right now

Top posts

Abode IoT Security Camera Vulnerabilities Would Let Attackers Insert Images, Bitdefender Finds

Abode IoT Security Camera Vulnerabilities Would Let Attackers Insert Images, Bitdefender Finds

December 21, 2021

2 min read
Online Shoppers Beware, Mobile Scams Are on the Rise

Online Shoppers Beware, Mobile Scams Are on the Rise

December 17, 2021

2 min read
The Holiday Guide to Tech Support: Fixing the Family Computer

The Holiday Guide to Tech Support: Fixing the Family Computer

November 24, 2021

2 min read
Bitdefender Celebrates 20 Years of Cybersecurity Leadership

Bitdefender Celebrates 20 Years of Cybersecurity Leadership

November 04, 2021

3 min read
Bitdefender Study Reveals How Consumers Like (and Dislike) Managing Passwords

Bitdefender Study Reveals How Consumers Like (and Dislike) Managing Passwords

October 26, 2021

3 min read
What are drive-by download attacks and how do you prevent them?

What are drive-by download attacks and how do you prevent them?

October 25, 2021

2 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Unknown Person Zoom-Bombs Meeting in Italian Parliament and Blasts Anime Adult Content Unknown Person Zoom-Bombs Meeting in Italian Parliament and Blasts Anime Adult Content
Silviu STAHIE

January 21, 2022

1 min read
FBI Links Diavol Ransomware to Trickbot, Offers IOCs and Mitigations FBI Links Diavol Ransomware to Trickbot, Offers IOCs and Mitigations
Filip TRUȚĂ

January 21, 2022

2 min read
Data of 500,000 already vulnerable people stolen from Red Cross Data of 500,000 already vulnerable people stolen from Red Cross
Radu CRAHMALIUC

January 20, 2022

1 min read