lazarusholic

More malicious npm packages found in wake of JumpCloud supply chain hack

2023-07-27, ReversingLabs
https://www.reversinglabs.com/blog/more-malicious-npm-packages-found-in-wake-of-jumpcloud-supply-chain-hack
#JumpCloud #NPM

Contents

Two weeks after the IT management firm JumpCloud announced that it was the victim of a supply chain attack aimed at a small population of customers in the cryptocurrency industry, an investigation by ReversingLabs researchers has uncovered evidence of more malicious npm packages, with links to the same infrastructure that also appear to target cryptocurrency providers.
Specifically, ReversingLabs identified a number of additional npm packages with links to the same malicious campaign. One, named btc-api-node, was uploaded to npm on July 11th and has links to a supply chain attack that was first identified by the firm Phylum on June 23 and was cited as a possible precursor to the JumpCloud attack, ReversingLabs Reverse Engineer Karlo Zanki said. Phylum has since published an additional blog post that called out the btc-api-node package and others.
All the packages in question were removed from npm soon after being posted — possibly by the threat actor. …

IoC

https://npmaudit.com/api/v4/init
[email protected]