Three malicious packages have been identified in the npm registry, posing as a popular Telegram bot library. These packages not only plant SSH backdoors but also include data exfiltration capabilities. The security firm Socket warns that, despite modest download numbers, any successful installation can lead to a severe security breach. The malicious packages employ a technique called starjacking, borrowing the appearance of legitimacy by linking to another project's repository. They are programmed to tamper with SSH access on Linux systems and collect sensitive information, illustrating the impact of supply chain vulnerabilities.
While that number may sound modest, it only takes a single compromised environment to pave the way for wide-scale infiltration or unauthorized data access.
Supply chain security incidents repeatedly show that even a handful of installs can have catastrophic repercussions, especially when attackers gain direct access to developer systems or production servers.
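Two defender-side checks follow for the behaviours described above: a starjacking heuristic that flags npm package metadata whose linked repository does not match the package name, and an audit of an SSH `authorized_keys` file against an allowlist of known key fingerprints. This is an added example, not code from the original report or from Socket; the package names, repository URLs, and key blobs are constructed placeholders, and the fingerprinting follows the OpenSSH convention (SHA-256 of the raw key blob, base64 without padding).

```python
"""Constructed example: starjacking heuristic over npm metadata, plus an
authorized_keys audit. All sample data below is made up for illustration."""
from __future__ import annotations

import base64
import hashlib
from urllib.parse import urlparse


def repo_slug(url: str) -> str | None:
    """Return 'owner/repo' (lowercase, no .git) from a GitHub-style URL, else None."""
    if not url:
        return None
    url = url.removeprefix("git+")
    if url.startswith("git@"):                 # git@github.com:owner/repo.git
        path = url.split(":", 1)[1]
    else:
        path = urlparse(url).path              # fragment and query are dropped
    parts = [p for p in path.strip("/").split("/") if p]
    if len(parts) < 2:
        return None
    return f"{parts[0]}/{parts[1].removesuffix('.git')}".lower()


def starjacking_indicators(pkg: dict) -> list[str]:
    """Heuristics only: a mismatch between package name and linked repository,
    or an install-time script, is a reason to look closer, not proof of malice."""
    findings: list[str] = []
    name = pkg.get("name", "").lower()
    bare = name.split("/")[-1]                 # strip a leading @scope/
    repo = pkg.get("repository")
    if isinstance(repo, dict):
        repo = repo.get("url", "")
    slug = repo_slug(repo or "")
    if slug is None:
        findings.append("no parseable repository URL")
    elif slug.split("/")[1] != bare:
        findings.append(f"repository '{slug}' does not match package name '{name}'")
    home_slug = repo_slug(pkg.get("homepage", ""))
    if slug and home_slug and home_slug != slug:
        findings.append(f"homepage '{home_slug}' points at a different repository")
    for hook in ("preinstall", "install", "postinstall"):
        if hook in pkg.get("scripts", {}):
            findings.append(f"install-time script '{hook}' present")
    return findings


def key_fingerprint(b64_key: str) -> str:
    """OpenSSH-style SHA256 fingerprint of a base64 key blob."""
    digest = hashlib.sha256(base64.b64decode(b64_key, validate=True)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def audit_authorized_keys(text: str, allowed_fingerprints: set[str]) -> list[dict]:
    """Return every key entry whose fingerprint is not on the allowlist.
    Entries may carry leading options (command=..., no-pty, ...) before the key type."""
    unknown: list[dict] = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        idx = next((i for i, f in enumerate(fields)
                    if f.startswith(("ssh-", "ecdsa-", "sk-"))), None)
        if idx is None or len(fields) < idx + 2:
            unknown.append({"line": lineno, "reason": "unparseable entry"})
            continue
        ktype, b64 = fields[idx], fields[idx + 1]
        try:
            fp = key_fingerprint(b64)
        except Exception:
            unknown.append({"line": lineno, "reason": "invalid key blob"})
            continue
        if fp not in allowed_fingerprints:
            unknown.append({"line": lineno, "type": ktype, "fingerprint": fp,
                            "options": " ".join(fields[:idx]),
                            "comment": " ".join(fields[idx + 2:])})
    return unknown


# ---- constructed sample data (placeholders, not real packages or keys) ----
SUSPECT_PACKAGE = {
    "name": "telegram-bot-helper-example",
    "repository": {"type": "git",
                   "url": "git+https://github.com/example-org/popular-telegram-bot-library.git"},
    "homepage": "https://github.com/example-org/popular-telegram-bot-library#readme",
    "scripts": {"postinstall": "node setup.js"},
}
LEGIT_PACKAGE = {"name": "goodlib",
                 "repository": "git+https://github.com/someone/goodlib.git"}

GOOD_B64 = base64.b64encode(b"constructed-key-blob-A").decode()
BAD_B64 = base64.b64encode(b"constructed-key-blob-B").decode()
SAMPLE_AUTHORIZED_KEYS = f"""# managed by config management (constructed sample)
ssh-ed25519 {GOOD_B64} deploy@build-host
command="/bin/true",no-pty ssh-ed25519 {BAD_B64} added-by-nobody
"""

if __name__ == "__main__":
    print(starjacking_indicators(SUSPECT_PACKAGE))
    print(audit_authorized_keys(SAMPLE_AUTHORIZED_KEYS, {key_fingerprint(GOOD_B64)}))
```

In practice the allowlist is the set of fingerprints your configuration management intends to deploy, so any entry the audit reports is either drift or an implant; run it on a schedule and alert on non-empty output. The starjacking check is deliberately conservative: monorepos and renamed projects produce legitimate mismatches, so treat a finding as a prompt to inspect the package, not as a verdict.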