Microsoft finds malicious npm package that steals data from UNIX systems

Microsoft’s vulnerability research team discovered a malicious JavaScript package in the npm (Node Package Manager) repository that stole sensitive information from UNIX systems. The malicious package, named 1337qq-js, was uploaded to the npm repository on December 30, 2019. It has since been removed by npm’s security team. Before its removal, the package had been downloaded at least 32 times.

According to the npm security team, the package exfiltrates sensitive information through its install scripts and targets only UNIX systems.


The types of data it collects include:

Environment variables

Running processes

/etc/hosts

uname -a

npmrc file

Among these, the theft of environment variables is considered a major security issue. The npm team recommends that all developers who downloaded or used this JavaScript package in their projects remove it from their systems and rotate any compromised credentials.
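The check below is an added example, not code from Microsoft or the npm security team: it walks a project's node_modules tree and lists every package that carries the flagged name or declares a script that npm runs automatically at install time. The sample manifests (including the script given to 1337qq-js) and the package names plain-lib, @acme/addon and deep-dep are constructed for the demonstration.

```javascript
const fs = require('fs');
const os = require('os');
const path = require('path');

const INSTALL_HOOKS = ['preinstall', 'install', 'postinstall']; // run automatically by `npm install`
const FLAGGED = new Set(['1337qq-js']); // package named in this article

// Walk node_modules (scoped and nested packages too) and list every package
// that is flagged by name or declares a script npm runs at install time.
function auditNodeModules(projectRoot) {
  const findings = [];
  const walk = (dir) => {
    if (!fs.existsSync(dir)) return;
    for (const entry of fs.readdirSync(dir, { withFileTypes: true })) {
      // Dirent.isDirectory() is false for symlinks, so linked packages cannot cause loops.
      if (!entry.isDirectory() || entry.name.startsWith('.')) continue;
      const pkgDir = path.join(dir, entry.name);
      if (entry.name.startsWith('@')) { walk(pkgDir); continue; } // scope folder, e.g. @acme/
      let pkg = {};
      try {
        pkg = JSON.parse(fs.readFileSync(path.join(pkgDir, 'package.json'), 'utf8')) || {};
      } catch { /* missing or unparsable manifest: fall back to the folder name */ }
      const name = pkg.name || entry.name;
      const hooks = INSTALL_HOOKS.filter((h) => pkg.scripts && pkg.scripts[h])
        .map((h) => `${h}: ${pkg.scripts[h]}`);
      if (hooks.length || FLAGGED.has(name)) {
        findings.push({ name, version: pkg.version || null, flagged: FLAGGED.has(name), hooks });
      }
      walk(path.join(pkgDir, 'node_modules')); // nested dependencies
    }
  };
  walk(path.join(projectRoot, 'node_modules'));
  return findings.sort((a, b) => (a.name < b.name ? -1 : a.name > b.name ? 1 : 0));
}

// Constructed sample tree (not the real package contents) so the audit runs offline.
function buildSampleProject() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), 'npm-audit-demo-'));
  const add = (rel, manifest) => {
    const dir = path.join(root, 'node_modules', rel);
    fs.mkdirSync(dir, { recursive: true });
    fs.writeFileSync(path.join(dir, 'package.json'), JSON.stringify(manifest));
  };
  add('plain-lib', { name: 'plain-lib', version: '1.0.0', scripts: { test: 'node t.js' } });
  add('1337qq-js', { name: '1337qq-js', version: '0.0.0', scripts: { install: 'node index.js' } });
  add('@acme/addon', { name: '@acme/addon', version: '2.1.0', scripts: { postinstall: 'node-gyp rebuild' } });
  add('plain-lib/node_modules/deep-dep', { name: 'deep-dep', version: '0.3.0', scripts: { preinstall: 'sh setup.sh' } });
  return root;
}

console.log(auditNodeModules(buildSampleProject()));
```

Point auditNodeModules at a real project root to review its dependencies; an install hook is not malicious by itself (native add-ons use them to compile), so each finding needs a look at what the script runs. Installing with `npm install --ignore-scripts` keeps these hooks from executing while the findings are reviewed.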

In fact, this is the sixth time a malware package has been placed in the npm repository index, and the previous five were:

June 2019 – Hackers backdoor the electron-native-notify library to insert malicious code that reaches the Agama cryptocurrency wallet.

November 2018 – A hacker backdoors the event-stream npm package to load malicious code inside the BitPay Copay desktop and mobile wallet applications and steal cryptocurrencies.

July 2018 – Hackers compromise the ESLint library with malicious code designed to steal npm credentials from other developers.

May 2018 – Hackers try to hide a backdoor in a popular npm package called getcookies.

April 2017 – Hackers use extortion to upload 38 malicious JavaScript libraries to npm that are configured to steal environment details from the projects that use them.