The largest supply-chain attack in NPM ecosystem history impacted approximately 10% of cloud environments after attackers compromised maintainer Josh Junon’s account through a phishing campaign, yet generated minimal profits for the perpetrators.
The attack began when Junon fell victim to a password reset phishing lure, allowing threat actors to access his NPM account and push malicious updates to highly popular packages including chalk and debug-js, which collectively receive over 2.6 billion weekly downloads. The attackers embedded cryptocurrency-stealing malware that redirected Ethereum and Solana transactions to attacker-controlled wallets.
The compromise’s reach was staggering, with Wiz security researchers finding that the targeted packages served as fundamental building blocks in 99% of cloud environments. During the two-hour window before discovery and removal, the malicious packages were downloaded by roughly 10% of cloud environments, demonstrating the rapid propagation potential of supply-chain attacks.
Despite the massive scale and widespread impact, the attackers’ fin
[…]
Content was cut in order to protect the source. Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents