Careful, that jQuery package could be loaded with Trojans

Pls share this post

Listen to this article

Hackers are, once again, targeting software developers through a “complex and persistent” supply chain attack.

Recently, cybersecurity researchers from Phylum discovered a new campaign in which unidentified hackers distributed dozens of malicious libraries on different code repositories, including npm, GitHub, and jsDelivr.

All of these libraries impersonated jQuery, a small, fast and feature-rich JavaScript library designed to simplify the client-side scripting of HTML. 

Dozens of packages

With jQuery, it is easier to write JavaScript code, since the library provides different features such as simplified event handling, animations, and Ajax interactions. It allows developers to accomplish complex tasks with fewer lines of code compared to plain JavaScript.

READ ALSO  JetBrains refuses to reveal details of patched security issues

“This attack stands out due to the high variability across packages,” Phylum said. “The attacker has cleverly hidden the malware in the seldom-used ‘end’ function of jQuery, which is internally called by the more popular ‘fadeTo’ function from its animation utilities.”

So far, Phylum identified 68 packages, published between late May and late June this year. Some of the names of the packages include cdnjquery, footersicons, jquertyi, jqueryxxx, logoo, and sytlesheets.

This is not the first time hackers are targeting software developers, and their clients, through weaponized packages. Usually, however, there is a healthy dose of automation in such campaigns, reflected in the way the packages are named, and in the dates they are uploaded. This campaign, on the other hand, seems to be fully manual, since it doesn’t check any of these boxes.

Intel's formidable 288 core CPU now has a proper family name — Granite Rapids and Sierra Forest are Xeon 6 processors but is it just becoming too confusing?

Among the different repositories, PyPI, GitHub, and npm, are most frequently targeted. 

PyPI, for example, was forced to suspend new account and new project creation, on multiple occasions, to prevent hackers from uploading large amounts of malicious packages. GitHub, on the other hand, saw hackers upload “millions of repos capable of stealing sensitive information and information cookies” in late February this year.

Via TheHackerNews

More from TechRadar Pro


Pls share this post
Previous article
Ridley Scott’s epic Gladiator II trailer shows off Paul Mescal fighting a rhino in the Colosseum
Next article
Is the Qualcomm X Elite ready to take on business users? Two reviews of HP’s gorgeous new EliteBook Ultra laptop deliver mixed messages — and the jury is still out