"Numerous Websites And Applications Affected by NPM Supply-Chain Attack"

An NPM supply-chain attack that began in December 2021 to hack hundreds of websites and desktop applications used numerous malicious NPM modules with JavaScript code obfuscation. ReversingLabs researchers discovered that the threat actors behind this operation, known as IconBurst, infected developers searching for well-known packages such as umbrellajs and ionic.io NPM modules by using typosquatting. If the confusingly similar module name system tricked them, they would include malicious packages designed to steal data from embedded forms (including those used for sign-in) in their applications or websites. For example, consider the over 17,000 downloads of icon-package, one of the malicious NPM packages used in this campaign to exfiltrate serialized form data to a number of attacker-controlled websites. IconBurst made use of typo-squatting, a technique in which attackers distribute packages through public repositories with names that are similar to or common misspellings of legitimate packages. This article continues to discuss the IconBurst supply chain attack operation.

CyberIntelMag reports "Numerous Websites And Applications Affected by NPM Supply-Chain Attack"