36 Malicious Strapi npm Packages Deliver Redis RCE and C2 Malware
Severity: High (Score: 69.0)
Sources: Cybersecuritynews, Gbhackers
Summary
A coordinated supply chain attack has been discovered involving 36 malicious npm packages that impersonate Strapi CMS plugins. The packages were published to the npm registry and are designed to exploit Redis for remote code execution (RCE), steal credentials, and establish persistent command-and-control (C2) access. They were published from four sock-puppet npm accounts: umarbek1233, kekylf12, tikeqemif26, and umar_bektembiev1.

Developers who build applications on Strapi are the primary targets. Any system that installs one of these packages is exposed to arbitrary code execution. The full scope of the impact is still being assessed, but the fact that the packages reached the public npm registry adds to existing concerns about the security of open-source software supply chains. Security teams are urged to review their dependency trees and lockfiles and confirm that none of these packages, or anything else published by the four accounts above, is present.

Key Points:
• 36 malicious npm packages disguised as Strapi plugins were identified.
• The attack enables Redis remote code execution and credential harvesting.
• Developers using Strapi are primarily affected by this supply chain attack.
Key Entities
- Malware (attack_type)
- Supply Chain Attack (attack_type)
- Npm Registry (platform)
- Redis (platform)
- Strapi (platform)