Discussion
uticus: > March 31, around 01:00 UTC: community members file issues reporting the compromise. The attacker deletes them using the compromised account.

Interesting it got caught when it did.
fraywing: Incredible uptick in supply chain attacks over the last few weeks. I feel like npm specifically needs to up their game on SA of malicious code embedded in public projects.
charcircuit: Does OIDC flow block this same issue of being able to use a RAT to publish a malicious package?
simulator5g: That's the reality of modern war. Many countries are likely planting malware on a wide scale. You can't even really prove where an attack originated from, so uninvolved countries would also be smart to take advantage of the current conflict. Like if you primarily wrote German, you would translate your malware to Chinese, Farsi, English, or Hebrew, and take other steps to make it appear to come from one of those warring countries. Any country that was making a long-term plan involving malware would likely do it around this time.
Zopieux: Not much we didn't know (you're basically SOL since an owner was compromised), however we now have a small peek into the actual meat of the social engineering, which is the only interesting news imho: https://github.com/axios/axios/issues/10636#issuecomment-418...
akersten: Any good payload analysis been published yet? Really curious if this was just a one and done info stealer or if it potentially could have clawed its way deeper into affected systems.
ipnon: NPM is designed to let you run untrusted code on your machine. It will never work. There is no game to step up. It's like asking an ostrich to start flying.
hsbauauvhabzb: No, once the computer is compromised nothing really helps assuming the attacker is patient enough.