IconBurst attack offers malicious versions of NPM packages

Posted date 20/07/2022

Researchers at ReversingLabs have reported an attack on the NPM supply chain dating back to December 2021, in which dozens of malicious NPM modules containing obfuscated JavaScript code were used to compromise hundreds of desktop applications and websites.

For this attack, dubbed IconBurst, the typo-squatting technique was used, offering packages via public repositories with similar names or common misspellings of legitimate packages. The investigation reported a total of 27,000 downloads of these malicious packages.

Etiquetas