Microsoft spots malicious npm package stealing data from UNIX systems | ZDNet

The security team at npm (Node Package Manager), the de facto package manager for the JavaScript ecosystem, today took down a malicious package that was caught stealing sensitive information from UNIX systems.
The malicious package is named 1337qq-js and was uploaded to the npm repository on December 30, 2019.
The package was downloaded at least 32 times before it was spotted today by Microsoft's Vulnerability Research team.
According to an analysis by the npm security team, the package exfiltrates sensitive information through install scripts and targets UNIX systems only.
The type of data it collects includes:
- Environment variables
- Running processes
- /etc/hosts
- uname -a
- npmrc file

Stealing environment variables is considered a major security breach because information such as hard-coded passwords or API access tokens is often stored as environment variables in some JavaScript web or mobile apps.
The npm team recommends that all developers who downloaded or used this JavaScript package in their projects remove the package from their systems and rotate any compromised credentials.
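
The article says the package ran its collection from install scripts. The following is an added example (not from the article or the npm team) that lists every package in a node_modules tree declaring a preinstall, install or postinstall hook, and marks hooks whose command text mentions the data types listed above. The sample packages, the regex heuristic and the function names are assumptions constructed for illustration.

```javascript
const fs = require('fs');
const os = require('os');
const path = require('path');

const INSTALL_HOOKS = ['preinstall', 'install', 'postinstall'];
// Assumption: a simple heuristic matching the data types the article lists.
const SENSITIVE = /\benv\b|printenv|\bps\b|\/etc\/hosts|uname|\.npmrc/;

function findInstallScripts(modulesDir) {
  const findings = [];
  if (!fs.existsSync(modulesDir)) return findings;
  for (const entry of fs.readdirSync(modulesDir, { withFileTypes: true })) {
    if (!entry.isDirectory() || entry.name.startsWith('.')) continue;
    const dir = path.join(modulesDir, entry.name);
    // Scoped packages live one level down: node_modules/@scope/name
    if (entry.name.startsWith('@')) { findings.push(...findInstallScripts(dir)); continue; }
    let manifest = {};
    try {
      manifest = JSON.parse(fs.readFileSync(path.join(dir, 'package.json'), 'utf8')) || {};
    } catch (err) { /* missing or unparsable manifest: no hooks to report */ }
    for (const hook of INSTALL_HOOKS) {
      const command = manifest.scripts && manifest.scripts[hook];
      if (typeof command !== 'string') continue;
      findings.push({ name: manifest.name || entry.name, hook, command,
                      touchesSensitive: SENSITIVE.test(command) });
    }
    findings.push(...findInstallScripts(path.join(dir, 'node_modules'))); // nested deps
  }
  return findings;
}

// Constructed sample tree (hypothetical package names and scripts) in a temp dir.
function buildSampleTree() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), 'npm-audit-'));
  const add = (rel, manifest) => {
    const dir = path.join(root, 'node_modules', rel);
    fs.mkdirSync(dir, { recursive: true });
    fs.writeFileSync(path.join(dir, 'package.json'), JSON.stringify(manifest));
  };
  add('plain-lib', { name: 'plain-lib', scripts: { test: 'node test.js' } });
  add('native-addon', { name: 'native-addon', scripts: { install: 'node-gyp rebuild' } });
  add('@demo/collector/node_modules/inner',
      { name: 'inner', scripts: { postinstall: 'uname -a; cat /etc/hosts; cat ~/.npmrc' } });
  return path.join(root, 'node_modules');
}

for (const f of findInstallScripts(buildSampleTree())) {
  console.log(`${f.touchesSensitive ? 'REVIEW' : 'info  '} ${f.name} [${f.hook}]: ${f.command}`);
}
```

The heuristic only inspects the hook's command string, so a hook that launches a script file still needs that file reviewed by hand. Installing with `npm install --ignore-scripts` keeps these hooks from running at all, at the cost of breaking packages that need a build step.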
This marks the sixth incident of a malicious package making it onto the npm repository index, although this is the least severe, primarily because Microsoft security analysts caught the library two weeks after it was published and before it gained a serious following.
Previous incidents of malicious packages making it onto npm include:
- June 2019 - a hacker backdoored the electron-native-notify library to insert malicious code that reached the Agama cryptocurrency wallet.
- November 2018 - a hacker backdoored the event-stream npm package to load malicious code inside the BitPay Copay desktop and mobile wallet apps, and steal cryptocurrency.
- July 2018 - a hacker compromised the ESLint library with malicious code that was designed to steal the npm credentials of other developers.
- May 2018 - a hacker tried to hide a backdoor in a popular npm package named getcookies.
- April 2017 - a hacker used typosquatting to upload 38 malicious JavaScript libraries on npm, packages configured to steal environment details from the projects where they were being used.