
Two malicious packages found in the npm package repository turned out to be hiding an open-source information-stealing malware called TurkoRat.
Together, these packages (named nodejs-encrypt-agent and nodejs-cookie-proxy-agent) were downloaded about 1,200 times and were available for over two months before being identified and removed.
ReversingLabs, which analyzed the details of the campaign, described TurkoRat as an information thief capable of harvesting sensitive information such as login credentials, website cookies, and data from cryptocurrency wallets.
While nodejs-encrypt-agent carried the malware directly inside the package, nodejs-cookie-proxy-agent turned out to disguise the Trojan as a dependency named axios-proxy.
nodejs-encrypt-agent is also designed to masquerade as a legitimate npm module known as agent-base, which has been downloaded over 25 million times to date.
Below is a list of malicious packages and their associated versions.
- nodejs-encrypt-agent (versions 6.0.2, 6.0.3, 6.0.4, and 6.0.5)
- nodejs-cookie-proxy-agent (versions 1.1.0, 1.2.0, 1.2.1, 1.2.2, 1.2.3, and 1.2.4)
- axios-proxy (versions 1.7.3, 1.7.4, 1.7.7, 1.7.9, 1.8.9, and 1.9.9)
“TurkoRat is just one of many open-source malware families offered for ‘testing’ purposes, but it can be easily downloaded and used for malicious purposes,” said ReversingLabs threat researcher Lucia Valentic.
The findings once again highlight the ongoing risk of threat actors orchestrating supply chain attacks via open source packages to lure developers into downloading potentially untrusted code.
“Development organizations should scrutinize the functionality and behavior of the open source, third-party, and commercial code they rely on to track dependencies and detect potential malicious payloads within them,” Valentic said.
The increased use of malicious npm packages fits a broader pattern of growing attacker interest in the open source software supply chain, and also highlights the increasing sophistication of threat actors.
Even more alarming, Checkmarx researchers this month published new research showing how a threat actor could spoof a legitimate npm package by “using lowercase to mimic the uppercase of the original package name.”

“This malicious package spoofing takes the traditional ‘typosquatting’ attack technique to a new level,” said researchers Teach Zornstein and Jehuda Gelb.
“This makes it even harder for users to spot deception, as subtle differences in case can easily be overlooked.”
The supply chain security firm found that 1,900 of the 3,815 packages with capital letters in their names could have been at risk of copycat attacks had npm maintainers not pushed a fix to address the issue. Checkmarx said the problem had existed since December 2017.
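The two npm problems described above, the specific malicious versions listed earlier and the case-variant spoofing Checkmarx reported, can both be caught by a lockfile audit. The following is an added example, not code from ReversingLabs, Checkmarx or any project named in the article; the lockfile fragment and the allowlist are constructed for illustration (JSONStream is an actual mixed-case npm package name).

```javascript
// Added example: scan an npm lockfile (v2/v3 "packages" map) for the malicious
// versions named in the article and for dependency names that collide with a
// trusted name when compared case-insensitively.
const MALICIOUS = {
  "nodejs-encrypt-agent": ["6.0.2", "6.0.3", "6.0.4", "6.0.5"],
  "nodejs-cookie-proxy-agent": ["1.1.0", "1.2.0", "1.2.1", "1.2.2", "1.2.3", "1.2.4"],
  "axios-proxy": ["1.7.3", "1.7.4", "1.7.7", "1.7.9", "1.8.9", "1.9.9"],
};

// Lockfile entries are keyed "node_modules/<name>"; nested installs look like
// "node_modules/a/node_modules/b", so take the segment after the last marker.
function packageName(lockKey) {
  const marker = "node_modules/";
  const idx = lockKey.lastIndexOf(marker);
  return idx === -1 ? null : lockKey.slice(idx + marker.length);
}

function auditLockfile(lock, allowlist) {
  const findings = [];
  // Case-insensitive index of trusted names so "foo" vs "Foo" collisions surface.
  const trusted = new Map(allowlist.map((n) => [n.toLowerCase(), n]));
  for (const [key, meta] of Object.entries(lock.packages || {})) {
    const name = packageName(key);
    if (!name) continue; // the "" key is the root project itself
    const badVersions = MALICIOUS[name];
    if (badVersions && badVersions.includes(meta.version)) {
      findings.push({ name, version: meta.version, reason: "known-malicious" });
    }
    const canonical = trusted.get(name.toLowerCase());
    if (canonical && canonical !== name) {
      findings.push({ name, version: meta.version, reason: `case-collision with ${canonical}` });
    }
  }
  return findings;
}

// Constructed sample lockfile fragment (not a real project).
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/agent-base": { version: "7.1.0" },
    "node_modules/nodejs-cookie-proxy-agent": { version: "1.2.3" },
    "node_modules/nodejs-cookie-proxy-agent/node_modules/axios-proxy": { version: "1.9.9" },
    "node_modules/jsonstream": { version: "1.0.0" },
  },
};
// Constructed allowlist of names this project expects to depend on.
const KNOWN_GOOD = ["agent-base", "axios", "JSONStream"];
const SAMPLE_FINDINGS = auditLockfile(SAMPLE_LOCK, KNOWN_GOOD);
console.log(SAMPLE_FINDINGS);
```

The version list is a snapshot from this article; in practice it should be fed from an advisory database rather than hard-coded.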
This disclosure also follows another advisory from Check Point that identified three malicious extensions hosted on the VS Code extension marketplace. They were purged on May 14, 2023.
Named “prettiest java”, “Darcula Dark”, and “python-vscode”, these add-ons had been downloaded more than 46,000 times in total and contained built-in functionality that allowed attackers to steal credentials and system information and establish a remote shell on a victim’s machine.
It is not just the npm and VS Code marketplaces: a similar set of rogue libraries has also been found in the Python Package Index (PyPI) software repository.
Some of these packages were designed to distribute cryptocurrency clipper malware called KEKW, while others, typosquatted versions of the popular Flask framework, contained backdoor functionality for receiving commands from a remote server.
Another Python package, discovered this week by Israeli firm Phylum, was found to contain a malicious dependency carrying an encrypted payload designed to harvest Discord tokens and steal clipboard contents in order to hijack cryptocurrency transactions.
The package, dubbed chatgpt-api and published by a developer named Patrick Pogoda, was accessible through GitHub and, to make its ploy convincing, delivered the functionality it advertised (namely, interacting with OpenAI’s ChatGPT tool). The repository was still available at the time of writing.
“For now, the actor seems to be capitalizing on the recent explosion in popularity of [Large Language Models] with this chatgpt-api package,” Phylum said, adding that the threat actor likely has an automated mechanism that uploads new iterations whenever the malicious dependencies are removed, thereby “maintaining persistent infections.”