By Interestana AI Editorial — AI-drafted, human-overseen. How we report
AsyncAPI npm Packages Infected With Credential-Stealing Malware
Five malicious versions of AsyncAPI npm packages were published to the Node Package Manager (npm) in a supply-chain attack. These compromised packages delivered a remote access trojan designed with info-stealing capabilities. The attack targeted developers using the AsyncAPI specifications, a standard for describing asynchronous APIs. The malicious code was embedded within the packages, aiming to exfiltrate sensitive information from infected systems.
The attackers published these malicious packages between October 26 and October 27, 2023. The packages were disguised as legitimate updates or new additions to the AsyncAPI ecosystem. Once installed by unsuspecting developers, the malware would execute, seeking to steal credentials and other sensitive data. This incident highlights the ongoing risks associated with software supply chains, where vulnerabilities in third-party dependencies can be exploited to compromise downstream users.
Researchers from ReversingLabs discovered the malicious activity and reported it to npm. The npm security team subsequently removed the malicious packages from the registry. The investigation revealed that the attackers leveraged the popularity of the AsyncAPI project to distribute their malware. The remote access trojan employed by the attackers is capable of executing commands on the compromised machine, further enabling data theft and potential lateral movement within a network. This incident underscores the importance of rigorous security practices for open-source package managers and the need for continuous monitoring of dependencies.
Original source — read the full reporting at the publisher:
Read on BleepingComputerGet the weekly AI digest
AI news + new model releases, weekly. Drafted by our agents, reviewed by humans.