Supply Chain Attack Hits 32 Red Hat NPM Packages
On Monday, hackers hit Red Hat’s NPM repository in a new supply chain attack, publishing malicious versions of 32 packages to distribute a credential-stealing worm.
Within a 72-second window, the threat actor published poisoned versions of all 32 packages, likely using automation, ReversingLabs notes.
The affected packages cover the entire Red Hat Hybrid Cloud Console JavaScript ecosystem and have nearly 10 million collective downloads.
According to Aikido, the attackers likely compromised the CI/CD pipeline and used the GitHub Actions OIDC to publish the malicious package versions. ReversingLabs believes that the hackers had access to @redhat-cloud-services NPM scope credentials.
The packages contained a preinstall hook that executed the malware during npm install, before the package was ever imported or used.
The payload contains the string “Miasma: The Spreading Blight” and appears to be a variant of the Mini Shai-Hulud worm that TeamPCP used in several attacks against the...
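A defender-side check prompted by the preinstall-hook detail above, added here as an example and not code from the SecurityWeek article: it walks an installed node_modules tree (scoped packages included) and lists every package whose package.json declares a lifecycle script that npm runs on its own during install. The directory layout, package names and manifest contents are constructed.

```python
import json
import tempfile
from pathlib import Path

# Lifecycle scripts that npm runs automatically during `npm install`,
# before any of the package's code is imported by the consuming project.
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")


def install_hooks(package_json: dict) -> dict:
    """Return the install-time lifecycle scripts declared in a package.json."""
    scripts = package_json.get("scripts") or {}
    return {name: cmd for name, cmd in scripts.items() if name in INSTALL_HOOKS}


def audit_node_modules(root: Path) -> list:
    """Report (package name, hooks) for every top-level or @scoped package with install hooks."""
    manifests = sorted(root.glob("*/package.json")) + sorted(root.glob("@*/*/package.json"))
    findings = []
    for manifest in manifests:
        try:
            data = json.loads(manifest.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip it rather than abort the audit
        hooks = install_hooks(data)
        if hooks:
            findings.append((data.get("name", manifest.parent.name), hooks))
    return findings


def build_sample_tree(root: Path) -> None:
    """Constructed sample tree: one clean package and one (hypothetical) with a preinstall hook."""
    clean = {"name": "clean-lib", "version": "1.0.0", "scripts": {"test": "jest"}}
    hooked = {"name": "@example-scope/hooked-lib", "version": "2.0.1",
              "scripts": {"preinstall": "node setup.js", "build": "tsc"}}
    (root / "clean-lib").mkdir(parents=True)
    (root / "clean-lib" / "package.json").write_text(json.dumps(clean), encoding="utf-8")
    (root / "@example-scope" / "hooked-lib").mkdir(parents=True)
    (root / "@example-scope" / "hooked-lib" / "package.json").write_text(json.dumps(hooked), encoding="utf-8")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        node_modules = Path(tmp) / "node_modules"
        build_sample_tree(node_modules)
        for name, hooks in audit_node_modules(node_modules):
            print(f"{name}: {hooks}")
```

A listed package is not necessarily malicious (native modules routinely build at install time), but each entry is a package whose code runs during installation, which is exactly the step that `npm install --ignore-scripts` disables.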
Copyright of this story belongs to securityweek.com, where the full text is available.