Expired domain leads to supply chain attack on node-ipc npm package
Summary
Attackers compromised the popular npm package node-ipc by registering an expired domain name, allowing them to hijack a maintainer's account. Malicious versions of the package were published, containing an obfuscated payload designed to steal credentials for various services, including CI/CD tools, cloud platforms, and AI coding agents.
IFF Assessment
This article details a supply chain attack that injects credential-stealing malware into a widely used software package, posing a direct threat to defenders by compromising sensitive information.
Defender Context
This incident highlights the critical risk of supply chain attacks through popular open-source packages. Defenders should prioritize dependency scanning, use Software Bill of Materials (SBOMs), and implement strict access controls to mitigate the impact of compromised packages.