​ ​AsyncAPI npm packages infected with credential-stealing malware

Summary

Five malicious versions of AsyncAPI packages were published to the Node Package Manager (npm) as part of a supply-chain attack. These packages contained a remote access trojan designed to steal credentials and other sensitive information from infected systems.

IFF Assessment

FOE

The discovery of malware within legitimate software packages poses a direct threat to developers and organizations relying on those packages, indicating a successful attack vector.

Defender Context

This incident highlights the ongoing risks associated with supply-chain attacks, where attackers compromise legitimate software repositories to distribute malware. Defenders should maintain vigilance regarding dependencies and implement robust scanning and monitoring for any unexpected changes or behaviors in their software build and deployment pipelines.

Read Full Story →