Today > | 1 Medium vulnerabilities   -   You can now download lists of IOCs here!

Malicious npm package targets AWS users

June 27, 2024, 9:26 a.m.

Description

ReversingLabs' researchers discovered a malicious package named legacyreact-aws-s3-typescript on the npm repository. It mimicked a popular legitimate package, react-aws-s3-typescript, designed to facilitate file uploads to Amazon S3 Buckets. Initially, the package appeared benign, but a later version included a postinstall script that downloaded and executed a backdoor payload. The package's history demonstrates the challenges of monitoring open source repositories for threats, and RL introduced Spectra Assure Community to help developers assess package risks.

Date

Published: June 27, 2024, 7:58 a.m.

Created: June 27, 2024, 7:58 a.m.

Modified: June 27, 2024, 9:26 a.m.

Indicators

secure.software

5c3d87cdd9aa9cb28bc3240317983554b40e3f8e47ef8447bba1103d73bfee17

91.238.181.250

Attack Patterns

legacyreact-aws-s3-typescript

T1559.001

T1195.002

T1608

T1105

T1190