Malicious npm package targets AWS users
June 27, 2024, 9:26 a.m.
Tags
External References
Description
ReversingLabs' researchers discovered a malicious package named legacyreact-aws-s3-typescript on the npm repository. It mimicked a popular legitimate package, react-aws-s3-typescript, designed to facilitate file uploads to Amazon S3 Buckets. Initially, the package appeared benign, but a later version included a postinstall script that downloaded and executed a backdoor payload. The package's history demonstrates the challenges of monitoring open source repositories for threats, and RL introduced Spectra Assure Community to help developers assess package risks.
Date
Published: June 27, 2024, 7:58 a.m.
Created: June 27, 2024, 7:58 a.m.
Modified: June 27, 2024, 9:26 a.m.
Indicators
secure.software
5c3d87cdd9aa9cb28bc3240317983554b40e3f8e47ef8447bba1103d73bfee17
91.238.181.250
Attack Patterns
legacyreact-aws-s3-typescript
T1559.001
T1195.002
T1608
T1105
T1190