NPM Packages Plucking Info From Apps and Forms Identified
- By Steven
- Published: Jul 07, 2022
- Last Updated: Jul 07, 2022
Digital security specialists have identified harmful NPM packages that have stolen significant information from online forms and apps. The supply chain attack zeroed in on NPM package managers.
When did the Attack Begin?
The attack started in December of 2021. The initial aggression centered on using rogue modules that steal information typed into online forms.
How was the Attack Conducted?
Hackers conducted the attack collaboratively. At the moment, digital security researchers believe two parties were involved in the attack. Those two groups are Reversing Labs and IconBurst. Analysis shows that many NPM packages were used in the attack and that they included concealed JavaScript with harmful code embedded. The attack plucked valuable data from several web-based forms on websites and mobile applications.
The aggression revolved around an attack method referred to as typo-squatting. Typo-squatting is a form of attack in which attackers use publicly available repositories to distribute packages whose names are strings of letters that make them appear to be legitimate. The packages have been downloaded approximately 30,000 times so far. Repositories also allow users to obtain problematic packages.
Which Modules Were Downloaded the Most?
The module downloaded the most was the icon package, with a total of nearly 18,000 downloads. The ionicio module came in second with almost 4,000 downloads. Swiper-bundles, pack-icons, ajax-library, footericon, and umbrellaks rounded out the pack.
One of the data exfiltrations performed with icon packages connects to the ionicio domain. This page replicated the official website of ionic.io. The thieves responsible for the digital campaign recently altered their strategies to collect data from web page elements to highlight the optimal approach to gathering information. Services and applications are clearly vulnerable, especially when there is a component significantly lacking in fortification.
What Lesson can be Taken Away From the Attack?
The use of NPM packages to steal sensitive information should serve as a siren call for all business owners, managers, IT specialists, and others. The fact that NPM packages can swipe valuable data indicates how application development occurs and how online threats evolve into new forms.
Furthermore, the considerable success of the attack described above generally reinforces how we perform application development. The minimal barriers preventing susceptible or potentially harmful code from moving into potentially volatile applications or tech spaces ultimately create an avenue for digital aggression that can cause considerable and lasting damage. Above all, be sure to add and update digital security shields to safeguard your valuable information, systems, and software.