Differential analysis raises red flags over @lottiefiles/lottie-player

Nov. 22, 2024, 9:24 a.m.

Description

ReversingLabs researchers discovered malicious versions of the popular npm package @lottiefiles/lottie-player. Versions 2.0.5, 2.0.6, and 2.0.7 were compromised and used to spread malicious code designed to steal crypto wallet assets. The attackers altered the lottie-player.js file, replacing its code with their own. Differential analysis revealed significant changes in package size and behaviors, including the introduction of URLs related to Bitcoin exchange services. The compromise was quickly detected, and LottieFiles maintainers worked with npm to remove the malicious versions. This incident highlights the importance of secure development practices, such as pinning dependencies to specific versions and regularly conducting security assessments to verify the integrity of open-source libraries.
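The check below is an added example, not code from ReversingLabs or LottieFiles: it audits a parsed package-lock.json for the three compromised versions named above and flags a package.json range that is not pinned to an exact version. The function names and the sample manifest and lockfile are constructed for illustration.

```javascript
// Added example: audit a parsed package.json / package-lock.json pair for the
// compromised @lottiefiles/lottie-player releases named in the description.
const PKG = "@lottiefiles/lottie-player";
const BAD_VERSIONS = new Set(["2.0.5", "2.0.6", "2.0.7"]); // from the report

// An exact pin is a plain x.y.z version (optionally with prerelease/build tag).
const EXACT = /^\d+\.\d+\.\d+(?:[-+][0-9A-Za-z.+-]+)?$/;

function auditLockfile(lock) {
  const hits = [];
  // lockfileVersion 2/3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path.endsWith("node_modules/" + PKG) && BAD_VERSIONS.has(meta.version)) {
      hits.push({ path, version: meta.version });
    }
  }
  // lockfileVersion 1: nested "dependencies" tree.
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = trail + "/" + name;
      if (name === PKG && BAD_VERSIONS.has(meta.version)) {
        hits.push({ path, version: meta.version });
      }
      walk(meta.dependencies, path);
    }
  };
  if (!lock.packages) walk(lock.dependencies, "");
  return hits;
}

// Returns the first non-exact version spec for PKG in the manifest, or null.
function unpinnedSpec(manifest) {
  for (const field of ["dependencies", "devDependencies", "optionalDependencies"]) {
    const spec = (manifest[field] || {})[PKG];
    if (spec !== undefined && !EXACT.test(spec)) return { field, spec };
  }
  return null;
}

// Constructed sample inputs (not taken from any real project).
const sampleManifest = { dependencies: { [PKG]: "^2.0.4" } };
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app" },
    ["node_modules/" + PKG]: { version: "2.0.7" },
    ["node_modules/widget/node_modules/" + PKG]: { version: "2.0.4" },
  },
};
console.log(auditLockfile(sampleLock), unpinnedSpec(sampleManifest));
```

A caret range such as the constructed `^2.0.4` is what lets a fresh install resolve to a newly published patch release, which is why the manifest check sits beside the lockfile check.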

Date

Published: Nov. 22, 2024, 4:49 a.m.

Created: Nov. 22, 2024, 4:49 a.m.

Modified: Nov. 22, 2024, 9:24 a.m.

Attack Patterns

T1195.001

T1056.003

T1588.001

T1102.002

T1185

T1059.007