JavaScript package manager npm removes malicious packages that were stealing data

npm, the package manager for the JavaScript programming language, has disclosed and removed approximately 40 malicious packages that were designed to steal environment variables. The packages carried names similar to those of existing, popular npm packages.

npm confirmed that this was a case of typosquatting aimed at inattentive users: the package names differed only slightly from those of the genuine packages.

"Environmental variables are such a common way to hand credentials to software, it's a pretty good thing to go after," said CJ Silverio, CTO at npm.

According to npm, a user with the handle “hacktask” published the malicious packages on July 19. Among them was “crossenv”, imitating the popular “cross-env”, which was downloaded 700 times before it was taken down. Fortunately, only 50 of those downloads appear to be genuine installations; the rest seem to be registry mirrors.

"If you downloaded and installed any of these packages, you should immediately revoke and replace any credentials you might have had in your shell environment," npm advised.

npm says it is taking steps to prevent further typosquatting, including the option of blocking publication: a service that detects spam as it is published to the registry may also be used to flag look-alike package names.

Tags: JavaScript, npm

FAQ

Q: Is it possible for these packages to steal our data?
A: Yes. The malicious packages were built to steal data from the system, in this case the environment variables of the user who installed them.

Q: Why was the JavaScript ecosystem attacked?
A: In a classic case of typosquatting intended to fool inattentive users, the fake packages featured names that were just slightly different than actual, genuine packages offered by npm. “The package naming was both deliberate and malicious – the intent was to collect useful data from tricked users,” npm explained in a blog post.

Q: Who is hacktask?
A: “hacktask” is the handle of the user who published the packages. In response to the incident, npm banned the user. Additionally, npm said that its developers are discussing taking various approaches to detecting and preventing future instances of accidental or malicious typosquatting.

Q: What should I do if I downloaded one of these packages?
A: “If you downloaded and installed any of these packages, you should immediately revoke and replace any credentials you might have had in your shell environment,” npm advised.

Q: How can these malicious packages be detected?
A: “There are programmatic ways to detect this, and we might use them to block publication,” the npm blog post reads. “We’re using the Smyte service [a trust and safety SaaS offering] to detect spam as it is published to the registry, and will be experimenting with using it to detect other kinds of violations of our terms of service.”
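One of the "programmatic ways" referred to above, written here as an added example rather than npm's own tooling: audit a project's dependency list for names that are one edit, or only a separator, away from a well-known package name. The popular-package list and the sample dependencies are constructed for illustration; a real audit would use download-ranked names from the registry.

```javascript
// Constructed list of well-known names; not a real registry ranking.
const POPULAR = ['cross-env', 'lodash', 'express', 'babel-core'];

// Standard Levenshtein edit distance, single rolling row.
function editDistance(a, b) {
  const row = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let diag = row[0];
    row[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const tmp = row[j];
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      row[j] = Math.min(row[j] + 1, row[j - 1] + 1, diag + cost);
      diag = tmp;
    }
  }
  return row[b.length];
}

// Collapse separators so "crossenv", "cross_env" and "cross.env"
// all compare equal to "cross-env".
function normalize(name) {
  return name.toLowerCase().replace(/[-_.]/g, '');
}

// Returns one record per dependency that is not itself a well-known
// package but sits within maxDistance edits (or a separator change)
// of one. Names that exactly match a popular package are skipped.
function findTyposquats(dependencies, popular = POPULAR, maxDistance = 1) {
  const hits = [];
  for (const name of Object.keys(dependencies)) {
    if (popular.includes(name)) continue;
    for (const known of popular) {
      if (normalize(name) === normalize(known)) {
        hits.push({ name, lookalike: known, reason: 'separator-only difference' });
        break;
      }
      const d = editDistance(name, known);
      if (d <= maxDistance) {
        hits.push({ name, lookalike: known, reason: `edit distance ${d}` });
        break;
      }
    }
  }
  return hits;
}

// Constructed "dependencies" block as it would appear in package.json.
const SAMPLE_DEPS = { crossenv: '^5.0.0', lodash: '^4.17.4', expres: '^4.15.0', react: '^15.6.0' };
console.log(findTyposquats(SAMPLE_DEPS)); // flags crossenv and expres
```

The same check can be run at publish time on a proposed package name against the registry's most-downloaded names, which is the blocking approach npm describes.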