
"Researchers at Socket found fake packages aimed at app developers looking for pgserve and automagik. The attack resembles a recent campaign dubbed CanisterWorm, which replaced legitimate packages with malware on npm."
"The fake automagik/genie package showed 6,744 weekly downloads, while the fake pgserve package had about 1,300 weekly downloads. Malicious versions are still being published and identified."
"Researchers at StepSecurity found malicious versions of pgserve on npm, noting that compromised versions inject a 1,143-line credential-harvesting script that runs via postinstall every time it is installed."
Malicious versions of pgserve and automagik have been discovered in the npm JavaScript registry, posing significant risks to application developers. Downloading these packages can result in the theft of sensitive data, including tokens, SSH keys, and credentials for major cloud platforms. The malware spreads to connected devices, amplifying the threat. Researchers at Socket and StepSecurity have identified these fake packages, which are linked to a broader supply chain attack. The investigation into the full extent of the compromise is ongoing, with new malicious versions still emerging.
Read at InfoWorld