More than 180 NPM packages were hit in a fresh supply chain attack that uses self-replicating malware to steal secrets, publish them on GitHub, and make private repositories public.
As part of the attack, hackers compromised over 40 developer accounts and published more than 700 malicious package versions to the NPM registry.
The attack was flagged on September 15 by Loka senior software engineer Daniel dos Santos Pereira, but started on September 14 with fewer than a dozen malicious packages being published. By the end of the day, roughly 50 package versions had been published.
[...]
Shai-Hulud Supply Chain Attack: Worm Used to Steal Secrets, 180+ NPM Packages Hit
Robert B. Carleton, ISC2 Central Mississippi Secretary