SlowMist Warns of npm Supply Chain Attack Affecting 23 Packages

The SlowMist security team has issued an alert regarding a new npm supply chain attack involving the Shai-Hulud/Miasma/Hades malware variant. This attack, linked to the compromised npm developer account czirker, affects 23 npm packages, including leo-logger, which has a weekly download count of 3,140. The malware uses a pre-configured binding.gyp file to execute malicious code during the npm install process.

The attack has resulted in the theft of credentials from 408 GitHub repositories. Attackers can exploit this breach to steal GitHub and npm tokens, cloud service credentials, and exfiltrate local environment data. SlowMist advises security teams to review lockfiles and package histories, downgrade or remove affected packages, rotate all related keys and credentials, and enforce two-factor authentication to mitigate risks.
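A defender-side check for the two points above, the install-time execution via binding.gyp and the advice to review lockfiles, added here as an example and not code from SlowMist or Phemex. The watch list holds only the package the alert names, the lockfile is a constructed sample, and the scan assumes an npm lockfile v2/v3 "packages" layout:

```python
import json
import os

WATCHLIST = {"leo-logger"}  # only the package the alert names; extend with SlowMist's full list
LIFECYCLE = ("preinstall", "install", "postinstall")

SAMPLE_LOCK = json.dumps({"lockfileVersion": 3, "packages": {  # constructed sample, not a real lockfile
    "": {"name": "my-app"},
    "node_modules/leo-logger": {"version": "1.2.3"},
    "node_modules/@scope/pkg/node_modules/leo-logger": {"version": "1.0.0"},
    "node_modules/lodash": {"version": "4.17.21"},
}})

def lockfile_hits(lock_json):
    """Return lockfile paths (nested copies included) of watch-listed packages."""
    packages = json.loads(lock_json).get("packages", {})
    return sorted(p for p in packages if p and p.rsplit("node_modules/", 1)[-1] in WATCHLIST)

def install_time_reasons(scripts, files):
    """Why a package can run code during `npm install`: explicit lifecycle scripts, or a
    binding.gyp that npm builds via an implicit `node-gyp rebuild` when no install script exists."""
    reasons = [f"{hook}: {scripts[hook]}" for hook in LIFECYCLE if hook in scripts]
    if "binding.gyp" in files:
        if {"preinstall", "install"} & set(scripts):
            reasons.append("binding.gyp present alongside explicit install scripts")
        else:
            reasons.append("binding.gyp with no install script: npm runs 'node-gyp rebuild' implicitly")
    return reasons

def scan_node_modules(root):
    """Walk an installed node_modules tree and map package dirs to their install-time hooks."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        if "package.json" not in files:
            continue
        try:
            with open(os.path.join(dirpath, "package.json"), encoding="utf-8") as fh:
                scripts = json.load(fh).get("scripts") or {}
        except (OSError, ValueError, AttributeError):
            scripts = {}
        reasons = install_time_reasons(scripts if isinstance(scripts, dict) else {}, set(files))
        if reasons:
            findings[os.path.relpath(dirpath, root)] = reasons
    return findings

if __name__ == "__main__":
    print("watch-listed in lockfile:", lockfile_hits(SAMPLE_LOCK))
    print("install-time hooks under ./node_modules:", scan_node_modules("node_modules"))
```

Any package flagged with install-time hooks that is not a known native module deserves the package-history review the alert recommends before the next install runs it.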
