Rspack npm Packages Compromised with Crypto Mining Malware in Supply Chain Attack
Dec. 20, 2024, 4:42 p.m.
Tags
External References
Description
Two npm packages, @rspack/core and @rspack/cli, were compromised in a supply chain attack, allowing the publication of malicious versions containing cryptocurrency mining malware. The attack targeted specific countries and aimed to execute XMRig cryptocurrency miner on Linux hosts. The malicious versions have been unpublished, and version 1.1.8 is now considered safe. The incident highlights the need for stricter safeguards in package managers to protect developers. The Rspack project maintainers have taken steps to secure their infrastructure, including invalidating tokens and auditing source code. An investigation into the root cause of the token theft is ongoing.
Date
Published: Dec. 20, 2024, 3:25 p.m.
Created: Dec. 20, 2024, 3:25 p.m.
Modified: Dec. 20, 2024, 4:42 p.m.
Attack Patterns
XMRig
T1195.001
T1195.002
T1552.001
T1571
T1059.004
T1070.004
T1496
T1102
T1195
Additional Informations
Hong Kong
Iran, Islamic Republic of
China
Belarus
Russian Federation