Sonatype Discovers 86 Malicious npm Packages Targeting Software Supply Chains
Sonatype's automated malware detection bots have uncovered 86 malicious npm packages that mimic popular Node.js and JavaScript functions. The packages, which npm removed promptly, posed a threat to software supply chains. Notably, they contain strings related to the kid-safe streaming platform Rukkaz and the cryptocurrency exchange Azbit.
The 86 malicious packages were discovered following last week's unearthing of over 400 similar packages targeting Azure, Uber, and Airbnb developers. Each of these packages was published from a unique npm account and contains an empty README file, suggesting a deliberate attempt to evade detection.
Sonatype's Repository Firewall automatically blocks such malicious packages, safeguarding users from potential harm. The packages contain roadblocks intended to prevent accidental execution on the attacker's own systems, indicating a level of sophistication. Some packages, such as 'rush-lib', target Azure developers and exfiltrate basic system fingerprinting information.
The origin of these malicious packages remains unknown, with no information about the person or group behind them. Sonatype's prompt reporting and npm's swift removal have mitigated the threat. Users of Sonatype's Repository Firewall are protected from such malicious packages, highlighting the importance of robust supply chain security measures.