A highly dangerous self-replicating malware called “Shai-Hulud” has recently swept through the global software supply chain, becoming one of the largest incidents of its kind ever documented.
Named after the sandworms in the Dune series, this worm has infected hundreds of open-source packages available on the Node Package Manager (NPM) platform, which is widely used by JavaScript developers and organizations worldwide.
Shai-Hulud distinguishes itself from previous supply chain attacks by being fully automated: it propagates by stealing authentication tokens from infected systems and using them to compromise additional software packages, thus fueling a rapid, worm-like proliferation.
The attack vector starts when a developer or system installs a poisoned NPM package. The worm then scans the environment for NPM credentials, specifically targeting authentication tokens, which grant publishing rights. Upon finding such tokens, it not only corrupts the compromised package but also infects up to twenty of the most popular packages accessible to that credential, automatically publishing
[…]
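The propagation chain above starts with a package that runs code at install time and then harvests publishing tokens from the developer's environment. As an added defensive example (not code from the article or from any affected project), the following Node script flags the two conditions a reviewer would check before trusting a dependency: install-time lifecycle hooks in a package manifest, and plaintext registry tokens in an `.npmrc` that would let such a hook publish on the developer's behalf. It assumes the worm's install-time code is reached through npm lifecycle scripts, which the excerpt does not state, and all inputs are constructed samples.

```javascript
// Added defensive example: audit a dependency manifest for install-time hooks
// and an .npmrc for plaintext publish tokens. Inputs are constructed samples.

// Lifecycle scripts npm runs automatically during `npm install`.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall", "prepare"];

// Return the names of install-time scripts declared in a package.json object.
function findInstallHooks(pkg) {
  const scripts = (pkg && pkg.scripts) || {};
  return INSTALL_HOOKS.filter((name) => typeof scripts[name] === "string");
}

// Parse .npmrc text. Report registry keys whose _authToken is stored in
// plaintext (an env-var reference like ${NPM_TOKEN} is not reported) and
// whether lifecycle scripts are disabled via ignore-scripts=true.
function auditNpmrc(text) {
  const tokens = [];
  let ignoreScripts = false;
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith("#") || line.startsWith(";")) continue;
    const [rawKey, ...rest] = line.split("=");
    const key = rawKey.trim();
    const value = rest.join("=").trim();
    if (key.endsWith(":_authToken") && value && !value.startsWith("${")) {
      tokens.push(key); // record the registry key only, never the secret itself
    }
    if (key === "ignore-scripts" && value === "true") ignoreScripts = true;
  }
  return { tokens, ignoreScripts };
}

// Constructed sample manifest: a dependency that declares a postinstall hook.
const samplePkg = {
  name: "example-dep",
  version: "1.0.0",
  scripts: { postinstall: "node setup.js", test: "jest" },
};

// Constructed sample .npmrc: one plaintext placeholder token, one env-var token.
const sampleNpmrc = [
  "//registry.npmjs.org/:_authToken=npm_PLACEHOLDER_TOKEN",
  "//registry.npmjs.org/:_authToken=${NPM_TOKEN}",
  "ignore-scripts=false",
].join("\n");

console.log("install hooks:", findInstallHooks(samplePkg));
console.log("npmrc audit:", auditNpmrc(sampleNpmrc));
```

Setting `ignore-scripts=true` in `.npmrc` and keeping tokens out of plaintext files (environment variables or short-lived granular tokens) are the two mitigations the audit checks for.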
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents