HashDit Alerts on NPM Supply Chain Attack Involving Malicious Package
#HashDit #NPM #SupplyChainAttack #MaliciousPackage #CtrlTinycolor #Web3Security #DependencyManagement #SecurityAlert
The Web3 security firm HashDit stated on X, "Another NPM supply chain attack involving the package '@ctrl/tinycolor' has been identified, with malicious versions being distributed." The package, which receives about 2.2 million weekly downloads, was compromised so that the malicious versions execute unauthorized scripts. Users are advised to review their dependency tree, including the transitive dependencies recorded in the lockfile and not only the packages they declare directly, confirm that every installed copy is a known-clean version, and pin to those versions to prevent potential security breaches.
North Korean Hackers Target Software Libraries with Malicious Code
#NorthKoreanHackers #Npm #Malware #MaliciousPackages #ContagiousInterview #Express #Hardhat #Blockchain #Web3 #Cryptocurrency #WalletSecurity #MemoryDecryption #Loader #GitHub #SupplyChainSecurity #CodeScanning #DependencyManagement #SoftwareSecurity
According to PANews, a report by the U.S. cybersecurity firm Socket reveals that North Korean hackers have uploaded over 300 malicious packages to the npm registry. The packages are typosquats, published under misspelled names of popular libraries such as express and hardhat, and carry malware that steals passwords and cryptocurrency wallet keys. The operation, which Socket tracks as 'Contagious Interview' (rendered 'Infectious Interview' in the PANews summary), involves the attackers posing as tech recruiters to target blockchain and Web3 developers. Some of the packages were removed after roughly 50,000 cumulative downloads, but several remain online. Researchers traced the code patterns back to North Korean hacker groups, noting loader scripts that decrypt their payload in memory rather than writing it to disk in order to evade detection. Although GitHub, which operates npm, has enhanced its verification processes and removed some of the packages, the threat to supply chain security persists. Security experts advise development teams to treat each dependency installation as a potential code execution event, since npm runs a package's preinstall, install and postinstall lifecycle scripts by default, and to scan and verify packages before integrating them into projects.
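The review that both items above recommend, as an added example that is not HashDit's, Socket's or PANews' code: a small audit over an npm package-lock.json that (1) lists every installed copy of a package named in an advisory and compares it against the versions the advisory lists as malicious, (2) flags package names that are one edit away from a well-known package, the typosquat pattern Socket describes, and (3) flags packages that run install lifecycle scripts, which is where install-time code execution happens. It assumes lockfile v1 (a "dependencies" tree) or v2/v3 (a "packages" map whose entries carry npm's hasInstallScript flag). The sample lockfile, the blocklist versions and the popular-package list are constructed placeholders, not data from the advisories.

```javascript
// Added example, not code from the advisories above. Audits a parsed
// package-lock.json for advised packages, typosquats and install scripts.

// Flatten either lockfile layout into {path, name, version, hasInstallScript}.
function walkLockfile(lock) {
  const entries = [];
  if (lock.packages) {                                   // lockfile v2/v3
    for (const [p, meta] of Object.entries(lock.packages)) {
      const i = p.lastIndexOf("node_modules/");
      if (i < 0) continue;                               // "" is the root project itself
      entries.push({ path: p, name: p.slice(i + "node_modules/".length),   // keeps "@scope/name"
                     version: meta.version, hasInstallScript: !!meta.hasInstallScript });
    }
  } else if (lock.dependencies) {                        // lockfile v1: nested tree, no script flag
    const visit = (deps, prefix) => {
      for (const [name, meta] of Object.entries(deps)) {
        const p = `${prefix}node_modules/${name}`;
        entries.push({ path: p, name, version: meta.version, hasInstallScript: false });
        if (meta.dependencies) visit(meta.dependencies, p + "/");
      }
    };
    visit(lock.dependencies, "");
  }
  return entries;
}

// 1) Every installed copy (direct or transitive) of a package named in an
//    advisory, marked malicious when its version is on the advisory's list.
function findAdvisedPackages(entries, blocklist) {
  return entries
    .filter(e => e.name in blocklist)
    .map(e => ({ ...e, malicious: blocklist[e.name].includes(e.version) }));
}

// Optimal-string-alignment (Damerau-Levenshtein) distance: one substitution,
// insertion, deletion or adjacent transposition costs 1.
function editDistance(a, b) {
  const d = Array.from({ length: a.length + 1 }, (_, i) => [i, ...Array(b.length).fill(0)]);
  for (let j = 1; j <= b.length; j++) d[0][j] = j;
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      d[i][j] = Math.min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost);
      if (i > 1 && j > 1 && a[i - 1] === b[j - 2] && a[i - 2] === b[j - 1]) {
        d[i][j] = Math.min(d[i][j], d[i - 2][j - 2] + 1);   // transposition
      }
    }
  }
  return d[a.length][b.length];
}

// 2) Names that are not a known package but sit within maxDist edits of one.
//    This is a review heuristic, not grounds for automatic blocking.
function findTyposquats(entries, popular, maxDist = 1) {
  const known = new Set(popular);
  const hits = [];
  for (const e of entries) {
    if (known.has(e.name)) continue;
    for (const p of popular) {
      if (editDistance(e.name, p) <= maxDist) { hits.push({ ...e, lookalikeOf: p }); break; }
    }
  }
  return hits;
}

// 3) Packages that run preinstall/install/postinstall hooks during `npm install`.
function findInstallScripts(entries) {
  return entries.filter(e => e.hasInstallScript);
}

function audit(lock, { blocklist, popular }) {
  const entries = walkLockfile(lock);
  return {
    advised: findAdvisedPackages(entries, blocklist),
    typosquats: findTyposquats(entries, popular),
    installScripts: findInstallScripts(entries),
  };
}

// Constructed sample lockfile and reference lists (placeholders, not advisory data).
const SAMPLE_LOCK = {
  name: "demo-app", lockfileVersion: 3,
  packages: {
    "": { name: "demo-app" },
    "node_modules/@ctrl/tinycolor": { version: "9.9.9" },
    "node_modules/express": { version: "4.19.2" },
    "node_modules/expres": { version: "1.0.3", hasInstallScript: true },   // typosquat with install hook
    "node_modules/esbuild": { version: "0.21.0", hasInstallScript: true }, // legitimate install hook
    "node_modules/hardhat": { version: "2.22.0" },
    "node_modules/color-tool": { version: "1.2.0" },
    "node_modules/color-tool/node_modules/@ctrl/tinycolor": { version: "9.9.8" }, // nested second copy
  },
};
const BLOCKLIST = { "@ctrl/tinycolor": ["9.9.9"] };   // placeholder: substitute the advisory's versions
const POPULAR = ["express", "hardhat", "@ctrl/tinycolor", "lodash", "react"];

console.log(JSON.stringify(audit(SAMPLE_LOCK, { blocklist: BLOCKLIST, popular: POPULAR }), null, 2));
```

To run it against a real project, parse the lockfile with `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` and pass the object to `audit`. Two npm built-ins complement the script: `npm ls <package>` prints every path through which a package is installed, and `npm install --ignore-scripts` (or `npm config set ignore-scripts true`) stops lifecycle scripts from running at install time, which is the code execution step the Socket report warns about.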