Malicious npm Packages

The npm package registry has emerged as the target of yet another highly targeted attack campaign that aims to entice developers into downloading malevolent modules.

Software supply chain security firm Phylum told The Hacker News the activity exhibits similar behaviors to that of a previous attack wave uncovered in June, which has since been linked to North Korean threat actors.

As many as nine packages have been identified as uploaded to npm between August 9 and 12, 2023. This includes: ws-paso-jssdk, pingan-vue-floating, srm-front-util, cloud-room-video, progress-player, ynf-core-loader, ynf-core-renderer, ynf-dx-scripts, and ynf-dx-webpack-plugins.

"Due to the sophisticated nature of the attack and the small number of affected packages, we suspect this is another highly targeted attack, likely with a social engineering aspect involved in order to get targets to install these packages," the company said.


The attack chain commences with the package.json file with a postinstall hook that executes an index.js file upon package installation. The latter uses the legitimate pm2 module as a dependency to launch a daemon process that, in turn, executes another JavaScript file named app.js.

The JavaScript code is designed to initiate encrypted two-way communication with a remote server – "ql.rustdesk[.]net," a spoofed domain masquerading as the legitimate RustDesk remote desktop software – 45 seconds after the package is installed and transmit basic information about the compromised host.

The malware then pings and waits for further instructions every 45 seconds, which are subsequently decoded and executed.

"It would appear that the attackers on the other side of this are monitoring machine GUIDs and selectively issuing additional payloads (in the form of encrypted Javascript) to any machines of interest," the Phylum Research Team said.

Both the June and August attack waves are identical in that only a small number of packages were released each time and that the adversary has been particularly careful to not release the final malicious stage, thus evading detection and limiting visibility.

The fact that the modules aren't typosquats points to an element of social engineering in which a potential target is coerced into installing them under the pretext of collaborating on an open-source project or taking a coding test.

"There are differences between the campaigns, but the TTPs (tactics, techniques, and procedures) between the two are similar," the company told the publication. "The second campaign appears to be an improvement over the first with the addition of the encryption, use of a spoofed domain (that was properly aged for an attack), and a C2 component for interactive access."

"The first campaign was only able to be tied to North Korean actors because they reused an IP that they used for the JumpCloud attack. No such mistake has been made (yet), so we can't say with absolute certainty who is behind the second campaign. Only that they appear similar."

The development follows the discovery of a typosquat version of a popular Ethereum package on npm that's engineered to make an HTTP request to a Chinese server ("wallet.cba123[.]cn" containing the user's cryptographic key.

What's more, the highly popular NuGet package, Moq, has drawn criticism after new versions 4.20.0 and 4.20.1 of the package released last week came with a new dependency referred to as SponsorLink that extracts SHA-256 hashes of developer email addresses from local Git configs and sends it to a cloud service without their knowledge or consent.

Fight AI with AI — Battling Cyber Threats with Next-Gen AI Tools

Ready to tackle new AI-driven cybersecurity challenges? Join our insightful webinar with Zscaler to address the growing threat of generative AI in cybersecurity.

Supercharge Your Skills

The controversial changes, which raise GDPR compliance issues, have been rolled back in version 4.20.2. But the damage may have been done, as Bleeping Computer reported that Amazon Web Services (AWS) has withdrawn its association with the project.

"In my opinion, the author did not intend to cause any harm but ended up damaging the trust of his users," Checkmarx researcher Jossef Harush said. "This could have been prevented if it had been open for discussion prior to publishing the new changes and accepting the content of his users."

The findings also come as organizations have been found increasingly vulnerable to dependency confusion attacks, potentially leading developers to unwittingly introduce vulnerable or malicious code into their projects, effectively resulting in large-scale supply chain attacks.

As mitigations against dependency confusion attacks, it's recommended to publish internal packages under organization scopes and reserve internal package names in the public registry as placeholders to prevent misuse.

(The story has been updated after publication to include additional responses from Phylum about the campaign.)

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.