Malware & Ransomware · HIGH

Malicious npm Package 'ambar-src' Hits 50,000 Downloads Fast

Tenable Blog
Tags: npm, ambar-src, malware, typosquatting, open-source
In short, a malicious package tricked developers into downloading malware through npm, a popular package manager.

Quick Summary

A malicious npm package called 'ambar-src' was downloaded 50,000 times before being removed. Developers on Windows, Linux, and macOS are at risk of malware infection. This incident underscores the dangers of trusting open-source packages. Check your systems now to ensure you're not compromised!

What Happened

Imagine downloading a tool that promises to make your coding life easier, only to find out it’s a trap. Recently, Tenable Research uncovered a malicious npm package named 'ambar-src' that was downloaded around 50,000 times before being removed. This package was designed to target developers across various operating systems, including Windows, Linux, and macOS.

The package was first uploaded on February 13th, and within just a few days, it had gained significant traction. On February 16th, a new version containing malicious code was released. Unlike previous attacks that compromised legitimate packages, 'ambar-src' had no valid use cases, meaning every version was malicious from the start. Attackers cleverly used typosquatting, mimicking the popular package 'ember-source' to trick unsuspecting developers into downloading it.

Why Should You Care

If you’re a developer or even just someone who uses npm, this incident should raise alarm bells. Installing packages from npm is now a high-risk action due to the potential for malicious preinstall scripts that can compromise your system without you even realizing it. It’s like opening a seemingly harmless email attachment that ends up infecting your computer with a virus.

The implications are serious. If you have 'ambar-src' installed, your entire system could be compromised. This isn’t just about losing data; it’s about the potential for attackers to gain full control over your machine. Always remember: every time you run 'npm install', you’re trusting the source. It’s crucial to be vigilant and inspect your environment regularly.

What's Being Done

In response to this threat, Tenable Research has provided guidance on how to identify and mitigate the risks associated with 'ambar-src'. Here’s what you should do right now:

  • Check your system for the presence of the 'ambar-src' package.
  • Treat any system where it’s found as fully compromised and follow incident response protocols.
  • Stay updated on new developments and patches from npm.

Experts are closely monitoring the situation for any new variants or similar attacks. The rapid spread of this malicious package highlights the urgent need for developers to be cautious and proactive in their security practices.

🔒 Pro insight: The rapid propagation of 'ambar-src' underscores the need for enhanced vetting processes in the npm ecosystem to prevent future supply chain attacks.

Original article from Tenable Blog · Ron Popov
