The npm security team has removed a malicious JavaScript library from the npm registry. The package contained code that could open a backdoor on developers’ computers.

According to web.archive, the library was named “twilio-npm”. Its malicious behaviour was detected by Sonatype, a company that monitors public package repositories as part of its DevSecOps services.

According to Sonatype’s report, the library was first published to npm on Friday and was discovered the same day. It was removed today, after the npm security team blacklisted the package.

Despite its short lifespan on the npm portal, the library was downloaded over 370 times and was automatically pulled into JavaScript projects built and managed with the npm (Node Package Manager) command-line utility.

Ax Sharma, the Sonatype security researcher who discovered and analysed the package, said the malicious code in the fake Twilio library opened a TCP reverse shell on every computer where the library was downloaded and then imported into a JavaScript/npm/Node.js project.

The reverse shell connected to “4.tcp.ngrok[.]io:11425”, from where it waited to receive commands to run on the infected user’s computer. Sharma added that the reverse shell only worked on UNIX-based operating systems.

According to an article by ZDNet, the npm security team confirmed Sonatype’s findings, stating that any computer with this package installed or running should be considered fully compromised, and that all secrets and keys stored on it should be rotated immediately from a different computer.

This marks the fourth major takedown of a malicious npm package in three months. In late August, npm staff removed a malicious JavaScript library designed to steal sensitive files from infected users’ browsers and Discord application.

Similarly, in September, npm staff removed four npm (JavaScript) libraries that collected user details and uploaded the stolen data to a public GitHub page. To defend against such attacks, developers should avoid this library and treat similar lookalike packages as potentially malicious.

Warning: Malicious JavaScript Library Posing as Twilio-Related Libraries Opens Vulnerabilities to Programmers’ Computer