SAP NPM Packages Targeted in Supply Chain Attack
"The malicious code delivered through the compromised packages is an information stealer that targets local credentials, GitHub and NPM tokens, and AWS, Azure, GCP, GitHub Action, Kubernetes, and other cloud secrets."
"According to Aikido, the threat checks for GitHub Actions release workflows and then modifies package tarballs to add the payload, modify their versions, repackage them, and use stolen GitHub Actions tokens to publish them."
Four SAP NPM packages were injected with malicious code as part of the Mini Shai-Hulud supply chain attack. The affected packages, which include mbt 1.2.48, are widely used in SAP's Cloud Application Programming ecosystem. The malicious code acts as an information stealer, targeting a range of cloud credentials and exfiltrating them through public GitHub repositories. The attack exploited a compromised NPM token and lasted for 2-4 hours before the malicious versions were unpublished and replaced with clean versions.
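Because the malicious versions were live for only a few hours, the practical question for a defender is whether any lockfile in the organisation pinned one of them during that window. The following is an added example (not code from SecurityWeek, SAP or Aikido) that walks an npm `package-lock.json` and reports any dependency whose version is on a denylist of compromised releases. Only `mbt` 1.2.48 is named on this page; the other three SAP packages are not, so the denylist leaves them as a commented placeholder rather than inventing names. The sample lockfiles are constructed inline.

```python
import json
from typing import Dict, Iterator, List, Set, Tuple

# Known-compromised versions. Only mbt 1.2.48 is named on the page; the other
# three SAP packages are not, so add them from the vendor advisory yourself.
COMPROMISED: Dict[str, Set[str]] = {
    "mbt": {"1.2.48"},
    # "<other-sap-package>": {"<bad-version>"},  # placeholder, not from the page
}


def _walk_v1(deps: dict) -> Iterator[Tuple[str, str]]:
    """Recurse the nested 'dependencies' tree used by lockfileVersion 1."""
    for name, meta in deps.items():
        version = meta.get("version")
        if version:
            yield name, version
        sub = meta.get("dependencies")
        if isinstance(sub, dict):
            yield from _walk_v1(sub)


def iter_lock_entries(lock: dict) -> Iterator[Tuple[str, str]]:
    """Yield (package_name, version) for every installed package in a lockfile.

    lockfileVersion 2/3 store a flat 'packages' map keyed by node_modules path;
    lockfileVersion 1 (and, for compatibility, v2) store a nested 'dependencies'
    tree. Both are read so a v2 file is covered either way.
    """
    packages = lock.get("packages")
    if isinstance(packages, dict):
        for path, meta in packages.items():
            if not path:  # "" is the root project itself, not a dependency
                continue
            # Last node_modules segment is the package name; scoped names
            # such as "node_modules/@sap/cds" survive intact.
            name = path.split("node_modules/")[-1]
            version = meta.get("version")
            if version:
                yield name, version
    deps = lock.get("dependencies")
    if isinstance(deps, dict):
        yield from _walk_v1(deps)


def find_compromised(lock: dict, denylist: Dict[str, Set[str]] = COMPROMISED) -> List[Tuple[str, str]]:
    """Return sorted, de-duplicated (name, version) pairs found on the denylist."""
    hits: Set[Tuple[str, str]] = set()
    for name, version in iter_lock_entries(lock):
        if version in denylist.get(name, set()):
            hits.add((name, version))
    return sorted(hits)


# Constructed sample: a lockfileVersion 3 project that pulled the bad mbt build.
SAMPLE_LOCK_V3 = json.loads("""
{
  "name": "example-cap-app",
  "lockfileVersion": 3,
  "packages": {
    "": {"name": "example-cap-app", "version": "1.0.0"},
    "node_modules/mbt": {"version": "1.2.48",
                         "resolved": "https://registry.npmjs.org/mbt/-/mbt-1.2.48.tgz"},
    "node_modules/@sap/cds": {"version": "8.0.0"}
  }
}
""")

# Constructed sample: a lockfileVersion 1 project with mbt nested under another package.
SAMPLE_LOCK_V1 = json.loads("""
{
  "lockfileVersion": 1,
  "dependencies": {
    "some-tool": {"version": "2.0.0",
                  "dependencies": {"mbt": {"version": "1.2.48"}}}
  }
}
""")

if __name__ == "__main__":
    for label, lock in (("v3", SAMPLE_LOCK_V3), ("v1", SAMPLE_LOCK_V1)):
        for name, version in find_compromised(lock):
            print(f"{label}: compromised dependency {name}@{version}")
```

Run it against a real lockfile with `find_compromised(json.load(open("package-lock.json")))`; a non-empty result means the project resolved a malicious release and its CI secrets and developer tokens should be treated as exposed, not merely the dependency bumped.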
Read at SecurityWeek