Malicious NPM Copycat Package Caught Imitating Tailwind CSS Package



September 22, 2022 | Rabbi Lakshmanan


A malicious NPM package has been discovered masquerading as a legitimate software library from Material Tailwind. This indicates an attacker’s attempt to distribute malicious code in an open source software repository.

Material Tailwind is a CSS-based framework advertised by its maintainers as “an easy-to-use component library for Tailwind CSS and Material Design”.

Karlo Zanki, a security researcher at ReversingLabs, said in a report published in The Hacker News:


“This script is designed to download a password-protected ZIP archive file containing a Windows executable that can run PowerShell scripts.”

The now-removed malicious package named material-tailwindcss has so far been downloaded 320 times, all since September 15, 2022.

In an increasingly common technique, the attacker appears to have taken great care to mimic the functionality provided by the original package while covertly using a post-installation script to introduce malicious functionality.

The payload takes the form of a ZIP file retrieved from a remote server. It embeds a Windows binary named “DiagnosticsHub.exe”, likely an attempt to pass the payload off as a diagnostic utility.

Figure: Code for stage 2 download

Packed within the executable are PowerShell code snippets responsible for command and control, communication, process manipulation, and establishing persistence through scheduled tasks.
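The delivery described above depends on npm running a package's post-installation script automatically. As an added example (not code from the original article or from ReversingLabs), the following Node.js code lists every installed package that declares an install-time script so it can be reviewed; the sample manifests, package names and the allowlist are constructed for illustration.

```javascript
// Added example: report packages whose manifest declares an install-time hook.
// npm runs these script entries automatically during `npm install`.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];

// manifests: parsed package.json objects; allow: names reviewed and accepted.
function findInstallHooks(manifests, allow = new Set()) {
  const findings = [];
  for (const m of manifests) {
    if (!m || allow.has(m.name)) continue;
    const scripts = m.scripts || {};
    const hooks = INSTALL_HOOKS
      .filter((h) => typeof scripts[h] === "string" && scripts[h].trim() !== "")
      .map((h) => ({ hook: h, command: scripts[h] }));
    if (hooks.length > 0) findings.push({ name: m.name, version: m.version, hooks });
  }
  return findings;
}

// Walk a node_modules tree (scoped and nested packages included) and parse
// every package.json found. Symlinks are not followed.
// Dynamic import works in both CommonJS and ES modules.
async function readManifests(dir) {
  const fs = await import("node:fs/promises");
  const path = await import("node:path");
  const out = [];
  let entries;
  try { entries = await fs.readdir(dir, { withFileTypes: true }); } catch { return out; }
  for (const e of entries) {
    if (e.name.startsWith(".") || !e.isDirectory()) continue;
    const sub = path.join(dir, e.name);
    if (e.name.startsWith("@")) { out.push(...(await readManifests(sub))); continue; }
    try {
      out.push(JSON.parse(await fs.readFile(path.join(sub, "package.json"), "utf8")));
    } catch { /* no manifest or invalid JSON: skip */ }
    out.push(...(await readManifests(path.join(sub, "node_modules"))));
  }
  return out;
}

// Constructed sample manifests; names, versions and commands are made up.
const SAMPLE = [
  { name: "example-ui-kit", version: "1.0.0", scripts: { test: "jest" } },
  { name: "example-lookalike", version: "2.0.1", scripts: { postinstall: "node scripts/setup.js" } },
  { name: "example-native-addon", version: "3.2.0", scripts: { install: "node-gyp rebuild" } },
];

// Prints only example-lookalike: the native addon is on the reviewed allowlist.
console.log(JSON.stringify(findInstallHooks(SAMPLE, new Set(["example-native-addon"])), null, 2));
```

In a project directory, `readManifests("node_modules").then(findInstallHooks)` audits the real dependency tree; installing with `npm install --ignore-scripts` stops these hooks from running at all.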

The typosquatted Material Tailwind module is the latest in a long list of attacks targeting open source software repositories such as npm, PyPI, and RubyGems in recent years.

This attack also serves to highlight the software supply chain as an attack surface. This is because attackers can create cascading effects by distributing malicious code that wreaks havoc on multiple platforms and enterprise environments at once.

Supply chain threats have also prompted the U.S. government to issue a memo directing federal agencies to “use only software that complies with secure software development standards” and to obtain “self-certification of all third-party software.”

The White House said last week, “Ensuring software integrity is critical to protecting federal systems from threats and vulnerabilities and reducing overall risk from cyberattacks.”
