Sourcing-Code Turns Malicious

What we have achieved as a modern society is something that goes beyond everything our ancestors imagined. However, the world of today wouldn’t have looked the way it does, if it wasn’t for the foundations we found laid for us by them. They showed us it could be done and we just took it to another level. One of the things that modern generation takes great pride in is the fact that we have put ourselves in a position where we are not just taking care of bare minimum. Instead, a piece of our focus is largely wrapped around answering some of the biggest questions posed at the world. Our methodologies to answer these questions are also great in number, but the biggest tool in our arsenal by a country a mile has to be technology. The way we have diversified this supreme tool has resulted in revamping of our floor level, and consequentially, our ceiling. We don’t want to just tap on the surface these days. What we want to do is break through it and explore the depths that guide us towards an even better tomorrow. However, as advanced as we are, we cannot skirt past the flipsides of our extensive tinkering.

There is no doubt that we have captured a pasture full of possibilities with the help of all the cutting-edge tools at our disposal today, but we have also opened a Pandora box of problems. The hackers across the globe no longer have any dearth of targets and it showed up once again in a software supply-chain attack. A team of researchers recently uncovered a credentials-stealing code bomb lying dormant in Node Package Manager open-source code repository. As per the reports, the planted malware was instructed to use legitimate password-recovery tools in Google Chrome for stealing user’s credentials. When you realize the whopping number of applications that source code from that repository, you start to see how devastating this attack was intended to be.

If the researchers’ findings are true, the password-stealer is multifunctional. It listens to the command coming from the attacker’s command-and-control server (C2), but it can also upload files, record from the victim’s screen and camera, and execute shell attacks. This NPM infiltration wasn’t the first one, which gives a strong indication that code repositories are now becoming the latest weapon for cybercriminals, something that can have grave implications.

Hot Topics

Related Articles