node-ipc npm Package Compromised Again with Malicious Versions

Severity: High (Score: 67.5)

Sources: Gbhackers, Cybersecuritynews

Summary

The node-ipc library, a popular JavaScript inter-process communication package with over 822,000 weekly downloads, has been compromised again. Security researchers from Socket and StepSecurity confirmed that three versions ([email protected], [email protected], and another unspecified version) contain obfuscated credential-stealing malware and backdoor capabilities. This incident marks the second major supply chain attack on the node-ipc package since 2022, raising significant concerns in the JavaScript ecosystem. Users of the affected versions are at risk of having their credentials stolen or systems compromised. The malicious code was hidden within the package updates, making detection challenging. Security teams are urged to review their dependencies and ensure they are not using the compromised versions.

Key Points:

  • node-ipc npm package compromised with malicious versions affecting 822K downloads.
  • Obfuscated malware includes credential stealers and backdoor capabilities.
  • This is the second major supply chain attack on node-ipc since 2022.
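One way to carry out the dependency review urged above, as an added example that is not from the original page or from Socket or StepSecurity: it lists every resolved copy of node-ipc in a parsed package-lock.json, including copies nested under other packages, and flags denylisted versions. The function names, the sample lockfile and the denylist entries are assumptions; the version strings are placeholders to be replaced with the versions named in the advisory.

```javascript
// Added example. DENYLIST holds placeholders, not real version numbers:
// replace them with the compromised versions listed in the advisory.
const TARGET = "node-ipc";
const DENYLIST = ["0.0.1-placeholder-bad"];

// Constructed sample in the lockfileVersion 2/3 layout (not real data).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/node-ipc": { version: "0.0.1-placeholder-bad" },
    "node_modules/some-cli": { version: "2.1.0" },
    "node_modules/some-cli/node_modules/node-ipc": { version: "0.0.2-placeholder-ok" },
    "node_modules/node-ipc-helper": { version: "1.0.0" }, // similar name, must not match
  },
};

// Return { path, version } for every installed copy of `name`.
function findPackage(lock, name) {
  const hits = [];
  const marker = "node_modules/";
  // lockfileVersion 2 and 3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const idx = path.lastIndexOf(marker);
    if (idx === -1) continue; // root project entry
    if (path.slice(idx + marker.length) === name) {
      hits.push({ path, version: meta.version });
    }
  }
  // lockfileVersion 1: nested "dependencies" tree. Skipped when "packages"
  // exists so version 2 files are not counted twice.
  const walk = (deps, trail) => {
    for (const [dep, meta] of Object.entries(deps || {})) {
      const here = trail + marker + dep;
      if (dep === name) hits.push({ path: here, version: meta.version });
      walk(meta.dependencies, here + "/");
    }
  };
  if (!lock.packages) walk(lock.dependencies, "");
  return hits;
}

// Attach a `flagged` field to each copy whose version is on the denylist.
function auditLock(lock, name, denylist) {
  const bad = new Set(denylist);
  return findPackage(lock, name).map((h) => ({ ...h, flagged: bad.has(h.version) }));
}

console.log(auditLock(sampleLock, TARGET, DENYLIST));
```

For a real project, pass the object obtained by parsing its package-lock.json in place of the constructed sample.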

Key Entities

  • Supply Chain Attack (attack_type)
  • T1195 - Supply Chain Compromise (mitre_attack)
  • Node-ipc (platform)