Summary: Ten npm packages were recently updated to include malicious code designed to steal sensitive information from developers’ systems, particularly targeting environment variables. The attack affected several cryptocurrency-related packages, most notably the widely used ‘country-currency-map’ package. Researchers hypothesize that the attack may have occurred through compromised npm maintainer accounts due to poor security practices.
Affected: npm packages and developers
Key points:
- Malicious code discovered within scripts executed during package installation, capturing environment variables.
- The attack targeted multiple cryptocurrency-oriented npm packages, with ‘country-currency-map’ having the highest download count.
- Suspected compromise routes include credential stuffing and expired domain takeovers affecting maintainer accounts.
- Only the ‘country-currency-map’ package has issued a deprecation notice, with alternative safe versions recommended for use.
- Compromised packages remain available on npm, posing risks for developers who may inadvertently download them.