Gbhackers
Supply Chain Attack on node-ipc npm Package Exposes 822K Downloads to Credential Theft
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
A supply chain attack on the node-ipc npm package has compromised three versions (9.1.6, 9.2.3, 12.0.1) with credential-stealing malware. The attack exploited an expired domain to hijack a dormant maintainer account, allowing attackers to publish malicious versions that contain an 80KB payload capable of stealing over 90 types of credentials. The malware uses DNS tunneling for data exfiltration, making detection difficult. This incident affects over 822,000 weekly downloads, posing a significant risk to developers utilizing the package in their projects. Security firms, including Socket and Slowmist, confirmed the malicious activity, which was active for about two hours before detection. Users are advised to audit their systems and rotate any exposed credentials immediately.
Key Points: • Three malicious versions of node-ipc were published, affecting over 822,000 downloads. • Attackers exploited an expired domain to hijack a maintainer account and publish malware. • The malware collects sensitive credentials and exfiltrates data via DNS tunneling.