Contagious Interview attackers go 'full stack' to fool you
Briefly

"Researchers at Socket have uncovered more details of a sophisticated software supply-chain operation linked to the Contagious Interview campaign attacking developers who rely on packages from NPM. They report finding a "full stack" operation behind the attacks, where code hosting, package distribution, staging servers and command-and-control (C2) infrastructure are orchestrated much like a legitimate software development and delivery pipeline - and offer honest developers fresh advice on protecting themselves against the attacks."
"In the latest wave, threat actors uploaded almost 200 new malicious NPM packages, with more than 31,000 recorded downloads. The campaign lures victims with fake job interviews and coding assignments related to Web3 and blockchain projects, asking them to pull dependencies for a "test project". But the NPM packages they install are Trojan horses. The latest packages identified by Socket ultimately deliver a new payload with upgraded credential theft, system monitoring and remote access capabilities, enabling them to take over developers' accounts and machines."
"Based on its latest analysis, Socket advised developers to focus on the weak points this campaign exploits, and to treat every "npm install" as potential remote code execution, restrict what continuous-integration runners can access, enforce network egress controls, and review the code of any new templates or utilities pulled from GitHub. Teams should also scrutinize unfamiliar helper packages, pin known-good versions, and use lockfiles instead of auto-updating dependencies, it advised."
The Contagious Interview campaign combines GitHub, Vercel, and NPM into a development and delivery pipeline that drops malware through Trojan NPM packages. Threat actors uploaded nearly 200 malicious packages and recorded over 31,000 downloads by luring developers with fake job interviews and coding assignments tied to Web3 and blockchain, prompting victims to pull dependencies for bogus test projects. The packages deploy payloads that steal credentials, monitor the system, and establish remote access, letting the attackers take over accounts and machines. Recommended defenses include treating npm install as potential remote code execution (install-time lifecycle scripts run arbitrary code on the developer machine or CI runner), restricting CI runner privileges, enforcing network egress controls, reviewing templates, pinning versions, using lockfiles, and automating package scans.
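The pinning, lockfile and "npm install is RCE" advice above can be turned into a pre-install check. The script below is an added example written for this summary, not code from Socket, InfoWorld or the campaign report. It audits a package.json together with its package-lock.json (lockfileVersion 2 or 3 shape) and flags: dependencies declared as ranges rather than exact versions; declared dependencies that the lockfile does not cover (npm would resolve them fresh at install time); lockfile entries resolved from somewhere other than the public registry or lacking an integrity hash; and packages the lockfile marks with hasInstallScript, which means npm install will execute their preinstall/install/postinstall hook. The sample manifests, the @example/ package names and the URLs are constructed for the demonstration and do not refer to real packages.

```javascript
'use strict';

// Exact semver (1.2.3, optionally -prerelease/+build). Anything else (^, ~, *,
// "latest", github:..., git URLs) is treated as an unpinned range.
const EXACT_VERSION = /^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$/;
const DEP_FIELDS = ['dependencies', 'devDependencies', 'optionalDependencies'];
const ALLOWED_REGISTRY = 'https://registry.npmjs.org/'; // assumption: public registry only

// Rule: every declared dependency in package.json is pinned to one exact version.
function findUnpinned(pkg) {
  const out = [];
  for (const field of DEP_FIELDS) {
    for (const [name, spec] of Object.entries(pkg[field] || {})) {
      if (!EXACT_VERSION.test(spec)) {
        out.push({ rule: 'unpinned', name, detail: `${field}: ${spec}` });
      }
    }
  }
  return out;
}

// Rules over the lockfile "packages" map (lockfileVersion 2/3):
//  - every package must be resolved from the allowed registry,
//  - every package must carry an integrity hash,
//  - packages with install-time lifecycle scripts are reported, because
//    `npm install` runs those scripts as arbitrary code.
function auditLockfile(lock, allowedRegistry = ALLOWED_REGISTRY) {
  const out = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === '' || entry.link) continue; // root project or workspace symlink
    // "node_modules/a/node_modules/@scope/b" -> "@scope/b"
    const name = path.slice(path.lastIndexOf('node_modules/') + 'node_modules/'.length);
    const resolved = entry.resolved || '';
    if (!resolved.startsWith(allowedRegistry)) {
      out.push({ rule: 'off-registry', name, detail: resolved || '(no resolved URL)' });
    }
    if (!entry.integrity) {
      out.push({ rule: 'no-integrity', name, detail: 'no integrity hash in lockfile' });
    }
    if (entry.hasInstallScript) {
      out.push({ rule: 'install-script', name, detail: `${name}@${entry.version} runs a lifecycle script on install` });
    }
  }
  return out;
}

// Rule: every dependency declared in package.json has a lockfile entry, so
// `npm ci` installs exactly the reviewed version instead of resolving anew.
function findNotLocked(pkg, lock) {
  const packages = lock.packages || {};
  const out = [];
  for (const field of DEP_FIELDS) {
    for (const name of Object.keys(pkg[field] || {})) {
      if (!(`node_modules/${name}` in packages)) {
        out.push({ rule: 'not-locked', name, detail: 'declared but absent from package-lock.json' });
      }
    }
  }
  return out;
}

// Combine all rules; ok === true means the project may be installed unattended.
function auditProject(pkg, lock) {
  const findings = [...findUnpinned(pkg), ...findNotLocked(pkg, lock), ...auditLockfile(lock)];
  return { ok: findings.length === 0, findings };
}

// Constructed sample input: a "test project" of the kind a fake interviewer
// might hand over. Package names and URLs are placeholders, not real packages.
const SAMPLE_PACKAGE_JSON = {
  name: 'web3-coding-assignment',
  dependencies: {
    '@example/wallet-sdk': '1.4.0',
    '@example/test-helper': '^0.0.3',
    '@example/fixture-loader': 'github:example/fixture-loader',
  },
  devDependencies: { '@example/build-tool': 'latest' },
};

const SAMPLE_LOCKFILE = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'web3-coding-assignment' },
    'node_modules/@example/wallet-sdk': {
      version: '1.4.0',
      resolved: 'https://registry.npmjs.org/@example/wallet-sdk/-/wallet-sdk-1.4.0.tgz',
      integrity: 'sha512-constructedplaceholderhash',
    },
    'node_modules/@example/test-helper': {
      version: '0.0.3',
      resolved: 'https://registry.npmjs.org/@example/test-helper/-/test-helper-0.0.3.tgz',
      integrity: 'sha512-constructedplaceholderhash',
      hasInstallScript: true,
    },
    'node_modules/@example/fixture-loader': {
      version: '2.0.0',
      resolved: 'git+ssh://git@github.com/example/fixture-loader.git#0123abcd',
    },
  },
};

const report = auditProject(SAMPLE_PACKAGE_JSON, SAMPLE_LOCKFILE);
for (const f of report.findings) console.log(`${f.rule.padEnd(15)} ${f.name}: ${f.detail}`);
console.log(report.ok ? 'OK: safe to install unattended' : `BLOCK: ${report.findings.length} finding(s)`);
```

Run the audit before npm ci in CI and fail the job on any finding; npm ci installs exactly what the lockfile records and refuses to run when package.json and the lockfile disagree, which is the behaviour the lockfile advice relies on. An install-script finding is not automatically malicious, but it is the point where npm install becomes code execution, so put ignore-scripts=true in the project's .npmrc and re-enable scripts only for packages someone has read.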
Read at InfoWorld