According to a recently published report by Sonatype, the library was first published on the npm website on Friday and was discovered the same day. It was removed today after the npm security team blacklisted the package.
The reverse shell opens a connection to “4.tcp.ngrok[.]io:11425”, where it waits to receive commands to run on the infected users’ computers. Sharma said that the reverse shell would only work on UNIX-based operating systems.
According to an article by ZDNet, the npm security team confirmed Sonatype’s investigation, saying that any computer that has this package installed or running should be considered fully compromised. It also stated that all secrets and keys stored on that computer should be rotated immediately from a different computer.