Malicious npm package targets AWS users
June 27, 2024, 9:26 a.m.
Description
ReversingLabs' researchers discovered a malicious package named legacyreact-aws-s3-typescript on the npm repository. It mimicked a popular legitimate package, react-aws-s3-typescript, designed to facilitate file uploads to Amazon S3 Buckets. Initially, the package appeared benign, but a later version included a postinstall script that downloaded and executed a backdoor payload. The package's history demonstrates the challenges of monitoring open source repositories for threats, and RL introduced Spectra Assure Community to help developers assess package risks.
Tags
Date
- Created: June 27, 2024, 7:58 a.m.
- Published: June 27, 2024, 7:58 a.m.
- Modified: June 27, 2024, 9:26 a.m.
Indicators
- secure.software
- 5c3d87cdd9aa9cb28bc3240317983554b40e3f8e47ef8447bba1103d73bfee17
- 91.238.181.250
Attack Patterns
- legacyreact-aws-s3-typescript
- T1559.001
- T1195.002
- T1608
- T1105
- T1190