Infostealer campaign compromises 10 npm packages, targets devs
Published on: 2025-05-26 10:22:41
Ten npm packages were suddenly updated with malicious code yesterday to steal environment variables and other sensitive data from developers' systems.
The campaign targeted multiple cryptocurrency-related packages as well as the popular 'country-currency-map' package, which is downloaded thousands of times a week.
The malicious code was discovered by Sonatype researcher Ali ElShakankiry and is found in two heavily obfuscated scripts, "/scripts/launch.js" and "/scripts/diagnostic-report.js," which execute upon package installation.
Malicious diagnostic-report.js script
Source: BleepingComputer
Sonatype says that the JavaScript steals the device's environment variables and sends them to the remote host "eoi2ectd5a5tn1h.m.pipedream(.)net". Environment variables are commonly targeted because they can contain API keys, database credentials, cloud credentials, and encryption keys, which can be used for further attacks.
Malicious code introduced via update
Source: Sonatype
As Sonatype malware ana