Banking industry hit by novel open-source supply chain attacks

Malicious NPM packages have been leveraged to compromise two banks in February and April, marking the first two instances of open-source software supply chain attacks against the banking industry, according to The Record, a news site by cybersecurity firm Recorded Future. Numerous packages with malicious scripts that feature operating system detection and encrypted file decoding capabilities have been used in one of the attacks, with the files then enabling malicious code downloads on the targeted devices, a report from Checkmarx revealed. Personalized command-and-control centers have also been established for every target, with the intrusion misconstrued as penetration testing due to the attacker's use of a fake LinkedIn page impersonating a bank employee. Meanwhile, the other attack involved the deployment of malicious code into the targeted bank's login page, which allows stealthy login data exfiltration upon activation. All of the malicious packages have already been removed but more banks are expected to be impacted by software supply chain attacks, said researchers.