Malware, DevSecOps

Material Tailwind spoofed by malicious NPM package

ReversingLabs researchers discovered that the legitimate CSS-based software library Material Tailwind has been impersonated by a malicious NPM package, indicating continued malware distribution efforts in open source software repositories, The Hacker News reports. The report noted that the malicious NPM package has been downloaded 320 times since Sept. 15. "The malicious Material Tailwind npm package, while posing as a helpful development tool, has an automatic post-install script," said ReversingLabs researcher Karlo Zanki. That script downloads a ZIP archive from a remote server containing PowerShell code snippets tasked with communication, command-and-control, process manipulation, and persistence. Such impersonation signifies the growing attack surface of the software supply chain, with the U.S. government recently directing that federal agencies use only software compliant with secure software development standards. "Ensuring software integrity is key to protecting Federal systems from threats and vulnerabilities and reducing overall risk from cyberattacks," said the White House.
