AsyncAPI npm packages infected with credential-stealing malware
Summary
Five malicious versions of AsyncAPI packages were published to the Node Package Manager (npm) as part of a supply-chain attack. These packages contained a remote access trojan designed to steal credentials and other sensitive information from infected systems.
IFF Assessment
The discovery of malware within legitimate software packages poses a direct threat to developers and organizations relying on those packages, indicating a successful attack vector.
Defender Context
This incident highlights the ongoing risks associated with supply-chain attacks, where attackers compromise legitimate software repositories to distribute malware. Defenders should maintain vigilance regarding dependencies and implement robust scanning and monitoring for any unexpected changes or behaviors in their software build and deployment pipelines.