Press ESC to close

Supply Chain Attack Hits Rspack, Vant npm Packages with Monero Miner

Category Details
Threat Actors Likely a single attacker or group responsible for compromising npm packages (@rspack/core, @rspack/cli, “vant”).
Campaign Overview On December 20, 2024, attackers used a hijacked npm token to inject malicious code into popular npm packages, deploying Monero cryptocurrency miners.
Target Regions Global users of compromised npm packages, especially developers using JavaScript tools.
Methodology Hijacking npm tokens to publish malicious package updates containing obfuscated code that deploys Monero miners.
Product Targeted Rspack: JavaScript bundler written in Rust (394,000 downloads/week for @rspack/core).
Vant: Lightweight Vue UI library (46,000 downloads/week).
Malware Reference XMRig Monero cryptocurrency miner.
Tools Used – Compromised npm token.
– Obfuscated JavaScript code.
– XMRig miner.
Vulnerabilities Exploited Insecure npm token management enabling package hijacking.
TTPs – Injecting obfuscated code into npm package updates.
– Deploying Monero miners.
– Utilizing C2 infrastructure at hxxps://80.78.2872/tokens for data exfiltration.
Attribution No specific attribution, but suspected to be a common actor targeting npmjs.com ecosystem.
Recommendations – Update to clean versions (Rspack v1.1.8, Vant v4.9.15).
– Use automated tools to detect malicious npm packages.
– Implement strict token management protocols.
– Regularly update and patch dependencies.
Source Hackread

Read full article: https://hackread.com/supply-chain-attack-rspack-vant-npm-monero-miner/

The above summary has been generated by an AI language model

Stay Updated with Our Newsletter

Source: Hackread

Published on: December 24, 2024

Leave a Reply

Your email address will not be published. Required fields are marked *