Malicious npm Package with 206k Downloads Attacking GitHub-Owned Repositories to Exfiltrate Tokens

Source: Cyber Security News

On November 7th, a malicious npm package called ‘@acitons/artifact’ was uncovered, having been downloaded more than 206,000 times. The package was designed to imitate the legitimate ‘@actions/artifact’ used in GitHub Actions deployments, a typosquatting attack that relies on two swapped letters in the scope name. Its primary aim was to extract authentication tokens from the environment during installation inside GitHub-owned repositories. With those tokens, attackers could deploy malicious code from GitHub itself, posing a significant security risk to the platform.

The malware used a hidden install-time script that ran as soon as the package was installed; the attackers published several versions, iterating on the payload while keeping it stealthy. Notably, the malware was reported to evade conventional antivirus solutions when first discovered, illustrating the growing concern about sophisticated threats in the software supply chain. Veracode’s findings highlight the precision of the attack: the script checks for specific GitHub environment variables and only proceeds when it is running inside GitHub’s own repositories. Developers protected by Veracode’s Package Firewall were shielded from this threat as soon as it was identified, but the incident is a critical reminder of the vulnerabilities inherent in package management systems.
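The two traits described above, a scope name one letter-swap away from a trusted one and a script that runs at install time, can be checked before dependencies are installed. The following is an added example, not code from the article or from Veracode; the trusted-scope list and the sample manifests are constructed for illustration.

```javascript
// Added example (not from the article): flag dependencies whose npm scope is a
// near-miss of a trusted scope (e.g. "@acitons" vs "@actions") and/or that
// declare install-time lifecycle scripts. Trusted scopes and manifests are
// constructed assumptions, not the real package contents.

const TRUSTED_SCOPES = ['@actions', '@octokit']; // assumption: scopes the org relies on
const INSTALL_HOOKS = ['preinstall', 'install', 'postinstall', 'prepare'];

// Optimal-string-alignment distance: Levenshtein plus adjacent transpositions,
// so "acitons" (t/i swapped) is distance 1 from "actions" rather than 2.
function osaDistance(a, b) {
  const d = Array.from({ length: a.length + 1 }, (_, i) =>
    Array.from({ length: b.length + 1 }, (_, j) => (i === 0 ? j : j === 0 ? i : 0)));
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      d[i][j] = Math.min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost);
      if (i > 1 && j > 1 && a[i - 1] === b[j - 2] && a[i - 2] === b[j - 1]) {
        d[i][j] = Math.min(d[i][j], d[i - 2][j - 2] + 1); // transposition
      }
    }
  }
  return d[a.length][b.length];
}

// Returns the trusted scope a package name is one edit away from, or null.
function typosquattedScope(pkgName, trusted = TRUSTED_SCOPES) {
  const m = /^(@[^\/]+)\//.exec(pkgName);
  if (!m) return null;                       // unscoped package
  const scope = m[1];
  if (trusted.includes(scope)) return null;  // exact trusted scope is fine
  return trusted.find((t) => osaDistance(scope, t) === 1) || null;
}

// Audit a resolved dependency set given as { name: package.json } pairs.
// Reports packages that impersonate a trusted scope and/or run code at install.
function auditDependencies(manifests) {
  const findings = [];
  for (const [name, manifest] of Object.entries(manifests)) {
    const hooks = INSTALL_HOOKS.filter((h) => manifest.scripts && manifest.scripts[h]);
    const lookalike = typosquattedScope(name);
    if (lookalike || hooks.length) findings.push({ name, lookalike, hooks });
  }
  return findings;
}

// Constructed sample manifests, not the real package contents.
const SAMPLE = {
  '@actions/artifact': { scripts: { test: 'jest' } },
  '@acitons/artifact': { scripts: { postinstall: 'node setup.js' } },
  'left-pad': {},
};
```

Run `auditDependencies(SAMPLE)` in a pre-install CI step and fail the build on any finding; a lookalike scope combined with an install hook is the strongest signal.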

👉 Read the original: Cyber Security News