The maintainer account for the axios package on npm was compromised to inject a remote access trojan for Windows, macOS, and Linux.
There has been another supply chain attack on the JavaScript package manager npm: The HTTP client axios had a backdoor on board. Attackers had previously taken over the axios maintainer's account. The attack is likely bywithout malware available, and the original maintainer has regained control of the package.
Anyone using axios should check whether the malware-infected version has made its way onto their system in the meantime. In addition to version 1.14.1, the attackers also released version 0.30.4 with the malware on npm, which also no longer exists.

The dropper behaves differently depending on the operating system. On Windows, it loads a PowerShell script; on macOS, a Mach-O binary; and on Linux, a Python backdoor. Several methods are used to conceal the attack: the script is obfuscated with Base64 and XOR, and setup.js attempts to delete itself and reset the package.json file after successfully loading the payload.

The platform-specific malware then loads the backdoor, which Google Threat Intelligence identified in an analysis as WAVESHAPER.V2 due to its strong similarities to the WAVESHAPER backdoor. Since the original backdoor is attributed to the UNC1069 group, Google Threat Intelligence suspects that the North Korean group is also behind the attack on axios.

WAVESHAPER.V2 ultimately functions as a remote access trojan: the software contacts a C2 server and expects commands like from the server every minute, to execute further scripts or executables or to retrieve information about directories and files. The

Anyone using the axios package should check if versions 1.14.1 or 0.30.4 with the malware have entered their system. Automated systems should be pinned to the fixed version number instead of downloading the latest version.
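One way to run the check recommended above, as an added example that is not part of the original article: it scans a parsed `package-lock.json` (all lockfile versions) for the two axios versions named in the text and flags axios specifiers in `package.json` that are not pinned to an exact version. The function names, the `example-sdk` package and the sample inputs are constructed for illustration.

```javascript
// Versions the article names as carrying the malware.
const BAD_AXIOS = new Set(['1.14.1', '0.30.4']);

// Return every install of a bad axios version in a parsed package-lock.json.
function findCompromised(lock) {
  const hits = [];
  const check = (name, version, where) =>
    name === 'axios' && BAD_AXIOS.has(version) && hits.push({ version, where });
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path ("" is the root project).
    for (const [path, meta] of Object.entries(lock.packages)) {
      const i = path.lastIndexOf('node_modules/');
      if (i === -1) continue;
      // meta.name is set when the folder name differs from the package name (aliases).
      check(meta.name || path.slice(i + 'node_modules/'.length), meta.version, path);
    }
  } else {
    // lockfileVersion 1: nested "dependencies" tree.
    const walk = (deps, trail) => {
      for (const [name, meta] of Object.entries(deps || {})) {
        check(name, meta.version, trail + name);
        walk(meta.dependencies, trail + name + ' > ');
      }
    };
    walk(lock.dependencies, '');
  }
  return hits;
}

// Return axios specifiers in package.json that are not pinned to one exact version.
function unpinnedAxios(pkg) {
  const loose = [];
  for (const field of ['dependencies', 'devDependencies', 'optionalDependencies']) {
    const spec = (pkg[field] || {}).axios;
    if (spec !== undefined && !/^\d+\.\d+\.\d+$/.test(spec)) loose.push({ field, spec });
  }
  return loose;
}

// Constructed sample input, not taken from a real project.
const sampleLock = {
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/axios': { version: '1.14.1' },
    'node_modules/example-sdk/node_modules/axios': { version: '0.30.4' },
  },
};
const samplePkg = { dependencies: { axios: '^1.0.0' } };

console.log(findCompromised(sampleLock), unpinnedAxios(samplePkg));
```

To use it on a real project, pass the result of `JSON.parse` on the project's `package-lock.json` and `package.json`. A hit means the malicious package was resolved at some point, so the machine that ran the install needs to be examined, not just the lockfile corrected.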




