Malicious NPM Packages Steal Linux and Unix Password Files of Amazon, Slack, and More – Tech Times

Security researchers discovered that new malicious NPM packages target Amazon, Slack, Zillow, and Lyft code repositories and may be stealing Linux and Unix password files. Experts also stated that the packages can open reverse shells back to the hackers.


According to Bleeping Computer's latest report, the flaw was first discovered by Alex Birsan, the security researcher who won bug bounties from 35 companies. The expert was able to exploit a new flaw in open-source development tools.

IT Pro, meanwhile, reported that the new malicious code was found in JavaScript repositories. Because of this, hackers and other online attackers can easily acquire sensitive files from Unix and Linux systems.

Sonatype, a cybersecurity firm, said that the NPM packages contain malicious dependency confusion code and that these packages target components commonly used by companies such as Amazon, Slack, Lyft, and Zillow.

How the new NPM packages attack

The new malicious NPM packages include lyft-dataset-sdk, serverless-slack-app, zg-rentals, and amzn. Dependency confusion occurs when dependency managers for ecosystems such as PyPI, RubyGems, and NPM use a package from the public repo rather than the company's internal package when building the application.

Security researchers also explained that the dependency confusion flaw allows online attackers and cybercriminals to inject their own malicious code into an internal application in a supply-chain attack.
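As a defensive check for the dependency confusion described above, the following added example (not from the article or from Sonatype) scans a parsed package-lock.json for internal package names that resolved from a host other than the internal registry. The internal registry host, the internal package names, and the lockfile contents are constructed assumptions.

```javascript
// Added example. Registry host, package names and lockfile are constructed.
const INTERNAL_REGISTRY_HOST = "npm.internal.example";            // assumed
const INTERNAL_NAMES = new Set(["acme-auth-client", "acme-billing-sdk"]); // hypothetical

// Constructed package-lock.json content (lockfileVersion 2/3 "packages" map).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "app", version: "1.0.0" },
    "node_modules/acme-auth-client": {
      version: "2.3.1",
      resolved: "https://npm.internal.example/acme-auth-client/-/acme-auth-client-2.3.1.tgz",
    },
    "node_modules/acme-billing-sdk": {
      version: "9.9.9",
      resolved: "https://registry.npmjs.org/acme-billing-sdk/-/acme-billing-sdk-9.9.9.tgz",
    },
    "node_modules/left-pad": {
      version: "1.3.0",
      resolved: "https://registry.npmjs.org/left-pad/-/left-pad-1.3.0.tgz",
    },
  },
};

// "node_modules/a/node_modules/@scope/b" -> "@scope/b"; root entry "" -> null.
function packageNameFromPath(path) {
  const marker = "node_modules/";
  const idx = path.lastIndexOf(marker);
  return idx === -1 ? null : path.slice(idx + marker.length);
}

// Return every internal-named package that did not resolve from the internal host.
function findConfusedPackages(lock, internalNames, internalHost) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    const name = packageNameFromPath(path);
    if (!name || !internalNames.has(name) || entry.link) continue;
    let host = null; // stays null when "resolved" is missing or unparsable
    try { host = new URL(entry.resolved).hostname; } catch { host = null; }
    if (host !== internalHost) {
      findings.push({ name, version: entry.version, path, resolvedHost: host });
    }
  }
  return findings;
}

for (const f of findConfusedPackages(sampleLock, INTERNAL_NAMES, INTERNAL_REGISTRY_HOST)) {
  console.log(`${f.name}@${f.version} resolved from ${f.resolvedHost} (${f.path})`);
}
```

Run against a real lockfile in CI, a non-empty result is a reason to fail the build before the install step executes any package scripts.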

“I was starting to wonder when we were going to see a malicious actor take advantage of the current situation. Finally, we’ve spotted one,” said Juan Aguirre, a Sonatype security researcher, via Bleeping Computer.

“There is no scenario I can imagine where I’m going to submit a PoC for a bug bounty program that actually harms the organization. Taking their /etc/shadow file is definitely harmful,” he added.  

Malicious NPM package’s main target

Security experts said that the new malicious NPM packages’ main targets are the “.bash_history” files in the companies’ Linux profiles. Once this data is acquired, it is sent to a remote host under the hackers’ control. Cybercriminals target this file because it contains a list of all the commands typed in the shell, including passwords passed as arguments or text.


This article is owned by TechTimes.

Written by: Giuliano de Leon.

ⓒ 2018 All rights reserved. Do not reproduce without permission.

