There has been a supply chain attack against JumpCloud, an IT management company known for cryptocurrency products; the attack targeted a small group of its clients. Two weeks after JumpCloud announced that it had been compromised, an investigation by ReversingLabs researchers revealed evidence of malicious npm packages connected to the same infrastructure, likewise targeting cryptocurrency providers.
Over the past few months, researchers at ReversingLabs have discovered more than two dozen NPM packages that steal form data from the applications and business processes in which they are embedded, in what they describe as a “coordinated supply chain attack.” Node Package Manager (npm) is the dependency installer for JavaScript and the Node.js runtime environment.
Developers were tricked into downloading the malicious packages through typosquatting, the subtle but deliberate misspelling of popular package names, in the SolarWinds-style attack dubbed IconBurst.
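Typosquatting works because a one-character slip in a dependency name is easy to miss in review. The following is an added example, not code from the article or from ReversingLabs: a small Node.js script that scans a `package.json` manifest and flags dependency names that sit within a short edit distance of a well-known package without matching it exactly. The popular-package list and the sample manifest are constructed for the example (the lookalike names in it are invented, not the actual IconBurst packages), and the distance thresholds are an assumption a team would tune to its own dependency set.

```javascript
// Added example: flag dependency names that look like typosquats of well-known
// npm packages. The POPULAR list below is a constructed stand-in for a real
// allow-list (for instance, the top packages your organisation already uses).
const POPULAR = [
  "lodash", "express", "react", "axios", "ionicons", "umbrellajs", "chalk", "moment",
];

// Standard Levenshtein edit distance (insert, delete, substitute each cost 1).
function levenshtein(a, b) {
  const m = a.length, n = b.length;
  let prev = Array.from({ length: n + 1 }, (_, j) => j);
  for (let i = 1; i <= m; i++) {
    const cur = [i];
    for (let j = 1; j <= n; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = cur;
  }
  return prev[n];
}

// Fold case and drop separators so "cross_env" and "crossenv" compare equal
// to "cross-env"; scopes such as "@types/" are kept, since they change identity.
function normalise(name) {
  return name.toLowerCase().replace(/[-_.]/g, "");
}

// Report each dependency that is not an exact known name but is within a
// small edit distance of one. Short names get a tighter threshold (1) because
// distance 2 on a 4-letter name matches far too many legitimate packages.
function findSuspects(deps, popular = POPULAR, maxDistance = 2) {
  const suspects = [];
  for (const dep of deps) {
    if (popular.includes(dep)) continue; // exact match of a known package is fine
    const nd = normalise(dep);
    const limit = nd.length < 6 ? 1 : maxDistance;
    for (const p of popular) {
      const d = levenshtein(nd, normalise(p));
      if (d <= limit) {
        suspects.push({ name: dep, lookalike: p, distance: d });
        break;
      }
    }
  }
  return suspects;
}

// Collect dependency names from a manifest string and scan them.
function scanManifest(json, popular = POPULAR) {
  const pkg = JSON.parse(json);
  const deps = Object.keys({ ...(pkg.dependencies || {}), ...(pkg.devDependencies || {}) });
  return findSuspects(deps, popular);
}

// Constructed sample manifest (not a real project's package.json); three of
// the names are deliberate one-character misspellings of entries in POPULAR.
const SAMPLE_PACKAGE_JSON = JSON.stringify({
  name: "demo-app",
  dependencies: {
    lodash: "^4.17.21",
    ionicon: "1.0.0",
    expresss: "4.18.2",
    umbrellaks: "3.2.0",
  },
  devDependencies: { jest: "29.0.0" },
});

const report = scanManifest(SAMPLE_PACKAGE_JSON);
for (const s of report) {
  console.log(`suspect: ${s.name} (looks like ${s.lookalike}, distance ${s.distance})`);
}
```

Run it as a pre-install step (for example in CI before `npm ci`) and fail the build when the report is non-empty; a hit is a prompt for a human to confirm the intended package, not proof of malice. Keeping the allow-list to packages the organisation actually uses keeps the false-positive rate manageable, and the exact-match check means nothing already on that list is ever flagged.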
The researchers report that the supply chain attack was successful: one malicious NPM package alone has been downloaded more than 17,000 times out of 100,000 possible downloads. Although the malicious packages reached developers first, serving as the launchpad for the attack, the ultimate target was end users’ data.