Thursday, December 4, 2025

NPM Supply Chain Attack

GitLab (via Hacker News):

Our internal monitoring system has uncovered multiple infected packages containing what appears to be an evolved version of the “Shai-Hulud” malware.

Early analysis shows worm-like propagation behavior that automatically infects additional packages maintained by impacted developers. Most critically, we’ve discovered the malware contains a “dead man’s switch” mechanism that threatens to destroy user data if its propagation and exfiltration channels are severed.

[…]

The malware infiltrates systems through a carefully crafted multi-stage loading process. Infected packages contain a modified package.json with a preinstall script pointing to setup_bun.js. This loader script appears innocuous, claiming to install the Bun JavaScript runtime, which is a legitimate tool. However, its true purpose is to establish the malware’s execution environment.

Previously:
