
"Every package contains three files (package.json, index.js, postinstall.js), has no description, repository, or homepage, and uses version 3.6.8 to appear as a mature Strapi v3 community plugin."
"The packages, uploaded by four sock puppet accounts over a period of 13 hours, are listed below - strapi-plugin-cron, strapi-plugin-config, strapi-plugin-server, and many others."
"All identified npm packages follow the same naming convention, starting with 'strapi-plugin-' and then phrases like 'cron,' 'database,' or 'server' to fool unsuspecting developers into downloading them."
Researchers identified 36 malicious packages in the npm registry masquerading as Strapi CMS plugins. The packages carry payloads built to exploit Redis and PostgreSQL, open reverse shells, and harvest credentials. Each package lacks a description, repository, or homepage, and uses version 3.6.8 to mimic a mature Strapi v3 plugin. All follow a naming convention starting with 'strapi-plugin-' to deceive developers. The packages were uploaded by four accounts within a short timeframe, posing a significant risk to anyone who installs them.
Read at The Hacker News