14 malicious npm packages impersonated OpenSearch, Elasticsearch libraries
Lone attacker published 14 malicious npm packages mimicking popular OpenSearch, Elasticsearch libraries
And then Microsoft busted them all
A single npm user on Thursday published 14 malicious packages within a four-hour window, all mimicking popular OpenSearch, Elasticsearch, DevOps, and environment-configuration libraries, according to Microsoft.
It’s the latest in a seemingly never-endingstring of supply chain attacks targeting developer tools, and stealing cloud credentials and CI/CD pipeline secrets in its wake.
Using a newly created maintainer alias, vpmdhaj (a39155771@gmail[.]com), the threat actor published 14 packages impersonating legitimate libraries from the @opensearch and @elastic ecosystems and targeting Amazon Web Services, HashiCorp Vault, GitHub Actions, and the npm registry itself. This suggests that the attacker “likely chose a developer audience to have AWS and Elastic cloud credentials in their environments,” Microsoft warned in a Thursday blog.
All of the malicious packages include the same install-time stager and the same Bun-compiled, second-stage payload:...
Copyright of this story solely belongs to theregister.com. To see the full text click HERE