Supply Chain Attack Hits Rspack, Vant npm Packages with Monero Miner

Popular npm packages, Rspack and Vant, were recently compromised with malicious code. Learn about the attack, the impact, and how to protect your projects from similar threats. 

KEY SUMMARY POINTS

• Compromised npm Packages: On December 20, 2024, attackers used a hijacked npm token to compromise popular npm packages @rspack/core, @rspack/cli, and “vant,” injecting malicious code into their updates.

• Monero Miner Deployed: The malicious code, hidden in obfuscated scripts, deployed the XMRig Monero cryptocurrency miner, connecting to an external server and mining for the attackers.

• Automated Detection: Sonatype’s malware detection systems quickly identified and blocked the malicious versions, protecting users through the Nexus Repository Firewall.

• Patches Released: Both Rspack and Vant addressed the breach by releasing clean updates (Rspack v1.1.8 and Vant v4.9.15) and implementing enhanced security measures.

• Open Source Risks Highlighted: Sonatype reports that 98.5% of open-source malware targets npmjs.com, emphasizing ...