| Category | Details |
|---|---|
| Threat Actors | Unknown threat actors targeting open-source ecosystems, possibly leveraging stolen tokens/accounts. |
| Campaign Overview | Compromise of popular open-source packages to inject cryptomining malware and steal crypto assets. |
| Target Regions | Global users of open-source packages from npm and PyPI ecosystems. |
| Methodology | Exploiting stolen tokens, GitHub Actions Script Injection, and malicious updates of package versions. |
| Product Targeted | Open-source packages: rspack/core, rspack/cli, vant, ultralytics, and Solana’s web3.js. |
| Malware Reference | XMRig coinminer, malicious infostealer code. |
| Tools Used | JavaScript Obfuscator, Base64 obfuscation, command and control (C2) servers. |
| Vulnerabilities Exploited | GitHub Actions Script Injection, compromised maintainer tokens. |
| TTPs | Obfuscation, token theft, insertion of malicious scripts, use of differential analysis to evade detection. |
| Attribution | No specific attribution, but linked to growing trends in cryptomining and open-source package compromises. |
| Recommendations | Regularly audit open-source dependencies, use differential analysis to detect tampering, secure tokens. |
| Source | ReversingLabs |
Read full article: https://www.reversinglabs.com/blog/cryptominers-growing-threat
The above summary has been generated by an AI language model