Security researchers have discovered yet another supply chain attack targeting open source repositories.
Two more extremely popular npm packages, with a combined nearly 22 million downloads per week, have been compromised with malicious code. The attacker did this by gaining unauthorized access to the accounts of the developers behind the npm packages.
The two hacked packages are “coa”, a parser for command line options, and “rc”, a configuration loader. Both were compromised by an unknown threat actor to implant password-stealing software.
According to GitHub, all “coa” versions 2.0.3 and later are affected. Those who are using “coa” should downgrade to version 2.0.2 as soon as possible and check for any suspicious system activity. Likewise, users of “rc” should downgrade to version 1.2.8, because versions 1.2.9, 1.3.9 and 2.3.9 of “rc” all contain malicious code.
When the researchers analyzed the malware samples, they found a variant of DanaBot, a Windows malware family that specializes in stealing credentials and passwords. This is not the first time npm packages have been targeted by hackers.
“To protect your accounts and packages from similar attacks, we strongly recommend that you enable two-factor authentication for your npm account”, an npm representative said on Twitter.