North Korean State Actors Exploit Open Source Supply Chain via Malicious npm Package
Trusty is a free-to-use web app that provides data and scoring on the supply chain risk for open source packages.
Minder is a supply chain security platform that helps you build more secure software and attest to your security practices.
🚨 Security Alert 🚨 On July 22nd, our Trusty team flagged a malicious npm package, next-react-notify, shortly after it was published. This package is a modified version of the popular call-bind with an added malicious script. Our detection system identified suspicious metadata signals, revealing a complex attack. Key indicator: a preinstall hook in the package.json file which silently executes and deletes the downloader script.
On 22nd July, the Trusty threat detection team discovered a malicious npm package published an hour prior. Our package detection system analyzes a number of metadata signals to identify anomalies in the open source package ecosystem.
As such, Trusty flagged the package next-react-notify as suspicious. Further investigation revealed a complex, multi-stage …
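One defender-side check that the preinstall indicator above suggests, as an added example that is not Trusty's or Minder's code: scan a package.json manifest for install-time lifecycle hooks and flag commands that run a local script and then delete it, or that fetch from the network. The sample manifest, package name and indicator regexes are constructed for illustration.

```javascript
// Added example (not Stacklok/Trusty code): audit install-time lifecycle hooks
// in a package.json manifest. The "run a downloader, then delete it" shape is
// the indicator from the write-up; everything else here is constructed.

const LIFECYCLE_HOOKS = ["preinstall", "install", "postinstall", "prepare"];

// Heuristics checked against each hook's command string.
const INDICATORS = [
  { id: "remote-fetch", re: /\b(curl|wget|fetch)\b|https?:\/\//i },
  { id: "self-delete", re: /\brm\s+-r?f\b|\bdel\s|\bunlink|\brimraf\b/i },
  { id: "runs-local-script", re: /\bnode\s+\S+\.js\b/i },
  { id: "chained", re: /(&&|\|\|?|;)/ },
];

// Returns one finding per lifecycle hook present, listing matched indicators.
function auditInstallHooks(manifest) {
  const scripts = (manifest && manifest.scripts) || {};
  const findings = [];
  for (const hook of LIFECYCLE_HOOKS) {
    const cmd = scripts[hook];
    if (typeof cmd !== "string") continue;
    const hits = INDICATORS.filter((i) => i.re.test(cmd)).map((i) => i.id);
    let severity = "low"; // any install hook deserves a look
    if (hits.length > 0) severity = "medium";
    // Run-then-delete is the shape described above: treat as high.
    if (hits.includes("self-delete") && hits.includes("runs-local-script")) {
      severity = "high";
    }
    findings.push({ hook, cmd, indicators: hits, severity });
  }
  return findings;
}

// Constructed manifest: a copy of a benign-looking package with an added
// preinstall hook that runs a downloader script and then removes it.
const SAMPLE_MANIFEST = {
  name: "example-notify", // placeholder name, not the real package
  version: "1.0.0",
  scripts: {
    preinstall: "node downloader.js && rm -f downloader.js",
    test: "node test.js",
  },
};

function auditSample() {
  return auditInstallHooks(SAMPLE_MANIFEST);
}

console.log(JSON.stringify(auditSample(), null, 2));
```

Running this over a dependency's manifest before `npm install`, or installing with `npm install --ignore-scripts` and reviewing flagged hooks, keeps an install-time hook from executing unseen.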
IoC