Two malicious packages found in the npm package repository have been found to hide an open source information stealing malware named TurkoRat.
The packages – named nodejs-encrypt-agent and nodejs-cookie-proxy-agent – were collectively downloaded about 1,200 times and were available for over two months before being identified and removed.
ReversingLabs, which detailed details of the campaign, described TurkoRat as an information thief capable of extracting sensitive information such as login credentials, website cookies and data from cryptocurrency wallets.
While nodejs-encrypt-agent comes with malware built in, nodejs-cookie-proxy-agent was found to be masquerading as a trojan as a dependency under the name axios-proxy.
nodejs-encrypt-agent is also engineered to masquerade as other legitimate npm modules known as agent basewhich has been downloaded more than 25 million times to date.
List of rogue packages and their related versions are listed below –
- nodejs-encrypt-agent (version 6.0.2, 6.0.3, 6.0.4, and 6.0.5)
- nodejs-cookie-proxy-agent (version 1.1.0, 1.2.0, 1.2.1, 1.2.2, 1.2.3, and 1.2.4), and
- axios-proxy (version 1.7.3, 1.7.4, 1.7.7, 1.7.9, 1.8.9 and 1.9.9)
“TurkoRat is just one of many open source malware families offered for ‘testing’ purposes, but can also be easily downloaded and modified for malicious use,” Lucija Valentić, threat researcher at ReversingLabs, said.
These findings are again underscore ongoing risk Threat actors orchestrate supply chain attacks via open source packages and lure developers into downloading potentially untrusted code.
“Development organizations need to research the features and behavior of the open-source, third-party and commercial code they rely on to track dependencies and detect potentially harmful content in them,” says Valentić.
The increased use of malicious npm packages fits into a broader pattern of soaring attacker interest in open source software supply chains, not to mention highlighting the increasing sophistication of threat actors.
More worryingly, researchers from Checkmarx published new research this month demonstrating how threat actors can impersonate native npm packages by “using lowercase to mimic uppercase letters in original package names” (e.g., memoryStorageDriver vs memorystoragedriver).
“This malicious packet impersonation takes the traditional ‘Typosquatting’ attack method to a new level, in which the attacker registers a package name consisting of the exact same letters as the legitimate one, with the only difference being capitalization,” researchers Teach Zornstein and Yehuda Gelb said.
“This makes it even more difficult for users to detect fraud as they can easily overlook small differences in capitalization.”
The supply chain security firm found that 1,900 of 3,815 packages with capital letters in their titles could be at risk of copycat attacks were it not for a fix npm maintainers pushed to address the issue, which, Checkmarx said, had There is since December 2017.
The disclosure also follows another advisor from Check Point, who identified three malicious extensions hosted on the VS Code extension marketplace. They have been cleared on May 14, 2023.
The add-ons, named prettiest java, Darcula Dark, and python-vscode, were cumulatively downloaded more than 46,000 times and include features that allow threat actors to steal credentials, system information, and create remote shells on victim machines.
It’s not just npm and VS Code marketplaces, for a similar set of malicious libraries have been unearthed from the Python Package Index (PyPI) software repository too.
Some of these packages are designed to distribute the cryptocurrency clipper malware dubbed KEKWwhile another typo version of the popular flask framework is included back door function to receive commands from a remote server.
Another Python package uncovered by Israeli company Phylum this week was found to contain a malicious dependency that stores encrypted payloads to retrieve Discord tokens and steal clipboard content to hijack cryptocurrency transactions.
The package, referred to as chatgpt-api by its developer Patrick Pogoda and accessible via GitHub, delivers advertised functionality (i.e., interacts with OpenAI’s ChatGPT tool) in an attempt to work around the gimmick. The repository is still available at the time of writing.
“For now this actor appears to be preying on the recent increase in popularity of (Big Language Model) with this chatgpt-api package,” Phylum said, adding the threat actor likely has an automated mechanism to upload new iterations of malicious dependencies. whenever removed and “maintains a persistent infection”.