36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants
Summary
Cybersecurity researchers identified 36 malicious npm packages disguised as Strapi CMS plugins. These packages exploit Redis and PostgreSQL to deploy reverse shells, steal credentials, and install persistent implants. They contain specific files like package.json, index.js, and postinstall.js, and lack descriptive information.
IFF Assessment
The discovery of malicious packages in a popular registry that exploit common database services and deploy persistent implants represents a direct threat to systems and data.
Defender Context
Defenders must be vigilant about supply chain attacks, especially when incorporating new or less-vetted npm packages into their projects. Regularly auditing dependencies and utilizing software composition analysis (SCA) tools can help identify and mitigate risks from malicious code.
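A dependency audit for the traits listed in the Summary, added here as an example and not code from the researchers or from npm. It flags installed packages that declare an install-time lifecycle script, have an empty description, or consist of exactly package.json, index.js and postinstall.js. Assumptions: "lack descriptive information" is read as an empty `description` field, only the top level of `node_modules` is scanned, and the function names and the two-trait threshold are illustrative.

```python
import json
import sys
from pathlib import Path

# Lifecycle scripts that npm runs automatically during `npm install`.
INSTALL_HOOKS = ("preinstall", "install", "postinstall")
# File set this page attributes to the malicious packages.
BARE_FILES = {"package.json", "index.js", "postinstall.js"}


def iter_packages(root):
    """Yield package directories, descending one level into @scope folders."""
    for entry in sorted(p for p in root.iterdir() if p.is_dir()):
        if entry.name.startswith("@"):
            yield from sorted(p for p in entry.iterdir() if p.is_dir())
        elif not entry.name.startswith("."):
            yield entry


def audit_package(pkg_dir):
    """Return which of the traits described on this page the package shows."""
    try:
        manifest = json.loads((pkg_dir / "package.json").read_text(encoding="utf-8"))
        scripts, desc = manifest.get("scripts"), manifest.get("description")
    except (OSError, ValueError, AttributeError):
        return ["unreadable package.json"]
    hooks = [h for h in INSTALL_HOOKS if isinstance(scripts, dict) and h in scripts]
    files = {p.name for p in pkg_dir.iterdir() if p.is_file()}
    # Assumption: "lack descriptive information" means an empty description field.
    checks = {
        "install hook: " + ", ".join(hooks): bool(hooks),
        "no description": not str(desc or "").strip(),
        "bare file set": files == BARE_FILES,
    }
    return [label for label, hit in checks.items() if hit]


def audit_tree(node_modules, threshold=2):
    """Map package name to findings when at least `threshold` traits match."""
    root = Path(node_modules)
    found = {p.relative_to(root).as_posix(): audit_package(p) for p in iter_packages(root)}
    return {name: hits for name, hits in found.items() if len(hits) >= threshold}


if __name__ == "__main__":
    # Assumption: run from a project root, or pass the node_modules path.
    for name, hits in audit_tree(sys.argv[1] if len(sys.argv) > 1 else "node_modules").items():
        print(f"{name}: {'; '.join(hits)}")
```

A hit is a prompt for manual review, not a verdict. Installing with `npm install --ignore-scripts` keeps lifecycle hooks from running while a package is being vetted.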