Malicious npm package steals data from UNIX systems

The security team of npm (Node Package Manager), the popular JavaScript package manager, discovered a malicious package, 1337qq-js, that stole sensitive data from UNIX systems. This is the sixth case since 2017 of malware entering the npm repository.

The malicious package was uploaded to the repository on December 30, 2019. It was downloaded at least 32 times before information security specialists at Microsoft noticed it. According to the researchers' analysis, the package steals confidential information using installation scripts and is designed exclusively for UNIX systems. The stolen data includes:

  • environment variables;
  • running processes;
  • /etc/hosts;
  • the output of uname -a;
  • the .npmrc file.

The theft of environment variables is especially dangerous, since hard-coded passwords and API access tokens for web and mobile applications are often stored as environment variables.

All developers who downloaded the malicious package are advised to remove it from their systems immediately and change all compromised credentials.
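Because the package acted through installation scripts, one defensive check is to list every dependency that declares an install-time hook. The sketch below is an added example, not code from npm or the researchers; the function name, the pattern list and the sample manifests (including the script contents shown for 1337qq-js) are constructed for illustration.

```javascript
// Added example: flag npm packages that run code at install time.
// Input is an array of parsed package.json objects (e.g. read from
// node_modules/*/package.json); the sample manifests below are constructed.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];
const KNOWN_BAD = new Set(["1337qq-js"]); // package named in the article

// Heuristic patterns for the data the article says was collected.
const SENSITIVE = [
  { label: "environment variables", re: /\bprintenv\b|\benv\b|process\.env/ },
  { label: "running processes", re: /\bps\b/ },
  { label: "/etc/hosts", re: /\/etc\/hosts/ },
  { label: "uname -a", re: /\buname\b/ },
  { label: ".npmrc file", re: /\.npmrc/ },
];

function auditManifests(manifests) {
  const findings = [];
  for (const m of manifests) {
    const scripts = m.scripts || {};
    const hooks = INSTALL_HOOKS.filter((h) => typeof scripts[h] === "string");
    const knownBad = KNOWN_BAD.has(m.name);
    if (hooks.length === 0 && !knownBad) continue; // nothing runs on install
    // Only the hook command line is inspected; a hook that launches a script
    // file (e.g. "node index.js") needs that file reviewed by hand.
    const touches = SENSITIVE
      .filter((s) => hooks.some((h) => s.re.test(scripts[h])))
      .map((s) => s.label);
    findings.push({ name: m.name, version: m.version, knownBad, hooks, touches });
  }
  return findings;
}

// Constructed samples; script contents are illustrative, not from the real package.
const SAMPLE_MANIFESTS = [
  { name: "plain-lib-example", version: "1.0.0", scripts: { test: "node test.js" } },
  { name: "native-addon-example", version: "2.1.0", scripts: { install: "node-gyp rebuild" } },
  { name: "1337qq-js", version: "0.0.0", scripts: { preinstall: "node index.js" } },
  { name: "probe-example", version: "0.1.0", scripts: { postinstall: "uname -a && cat /etc/hosts" } },
];

for (const f of auditManifests(SAMPLE_MANIFESTS)) {
  const tag = f.knownBad ? "KNOWN-BAD" : "review";
  console.log(`[${tag}] ${f.name}@${f.version} hooks=${f.hooks.join(",")} touches=${f.touches.join("; ") || "-"}`);
}
```

The packages this reports are the ones whose hooks npm skips when run as npm install --ignore-scripts.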
