| Category | Details |
|---|---|
| Threat Actors | Likely a single attacker or group responsible for compromising npm packages (@rspack/core, @rspack/cli, “vant”). |
| Campaign Overview | On December 20, 2024, attackers used a hijacked npm token to inject malicious code into popular npm packages, deploying Monero cryptocurrency miners. |
| Target Regions | Global users of compromised npm packages, especially developers using JavaScript tools. |
| Methodology | Hijacking npm tokens to publish malicious package updates containing obfuscated code that deploys Monero miners. |
| Product Targeted | - Rspack: JavaScript bundler written in Rust (394,000 downloads/week for @rspack/core). - Vant: Lightweight Vue UI library (46,000 downloads/week). |
| Malware Reference | XMRig Monero cryptocurrency miner. |
| Tools Used | - Compromised npm token. - Obfuscated JavaScript code. - XMRig miner. |
| Vulnerabilities Exploited | Insecure npm token management enabling package hijacking. |
| TTPs | - Injecting obfuscated code into npm package updates. - Deploying Monero miners. - Utilizing C2 infrastructure at hxxps://80.78.2872/tokens for data exfiltration. |
| Attribution | No specific attribution, but suspected to be a common actor targeting the npmjs.com ecosystem. |
| Recommendations | - Update to clean versions (Rspack v1.1.8, Vant v4.9.15). - Use automated tools to detect malicious npm packages. - Implement strict token management protocols. - Regularly update and patch dependencies. |
| Source | Hackread |
Read full article: https://hackread.com/supply-chain-attack-rspack-vant-npm-monero-miner/
The above summary has been generated by an AI language model



