Phone : +91 95 8290 7788 | Email : sales@itmonteur.net

Register & Request Quote | Submit Support Ticket

Home » Cyber Security News » Vulnerabilities & Exploits » Trojanized jQuery Packages Found on npm, GitHub, and jsDelivr Code Repositories

Trojanized jQuery Packages Found on npm, GitHub, and jsDelivr Code Repositories

Trojanized jQuery Packages Found on npm, GitHub, and jsDelivr Code Repositories

https://firewall.firm.in/wp-content/uploads/2024/07/jquery.png

Jul 09, 2024NewsroomSupply Chain Attack / Web Security

Trojanized jQuery Packages

Unknown threat actors have been found propagating trojanized versions of jQuery on npm, GitHub, and jsDelivr in what appears to be an instance of a “complex and persistent” supply chain attack.

“This attack stands out due to the high variability across packages,” Phylum said in an analysis published last week.

“The attacker has cleverly hidden the malware in the seldom-used ‘end’ function of jQuery, which is internally called by the more popular ‘fadeTo’ function from its animation utilities.”

Cybersecurity

As many as 68 packages have been linked to the campaign. They were published to the npm registry starting from May 26 to June 23, 2024, using names such as cdnjquery, footersicons, jquertyi, jqueryxxx, logoo, and sytlesheets, among others.

There is evidence to suggest that each of the bogus packages were manually assembled and published due to the sheer number of packages published from various accounts, the differences in naming conventions, the inclusion of personal files, and the long time period over which they were uploaded.

This is unlike other commonly observed methods in which attackers tend to follow a predefined pattern that underscores an element of automation involved in creating and publishing the packages.

The malicious changes, per Phylum, have been introduced in a function named “end,” allowing the threat actor to exfiltrate website form data to a remote URL.

Further investigation has found the trojanized jQuery file to be hosted on a GitHub repository associated with an account called “indexsc.” Also present in the same repository are JavaScript files containing a script pointing to the modified version of the library.

Cybersecurity

“It’s worth noting that jsDelivr constructs these GitHub URLs automatically without needing to upload anything to the CDN explicitly,” Phylum said.

“This is likely an attempt by the attacker to make the source look more legitimate or to sneak through firewalls by using jsDelivr instead of loading the code directly from GitHub itself.”

The development comes as Datadog identified a series of packages on the Python Package Index (PyPI) repository with capabilities to download a second-stage binary from an attacker-controlled server depending on the CPU architecture.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.


Information Security - InfoSec - Cyber Security - Firewall Providers Company in India

 

 

 

 

 

 

 

 

 

 

 

 

What is Firewall? A Firewall is a network security device that monitors and filters incoming and outgoing network traffic based on an organization's previously established security policies. At its most basic, a firewall is essentially the barrier that sits between a private internal network and the public Internet.

 

Secure your network at the gateway against threats such as intrusions, Viruses, Spyware, Worms, Trojans, Adware, Keyloggers, Malicious Mobile Code (MMC), and other dangerous applications for total protection in a convenient, affordable subscription-based service. Modern threats like web-based malware attacks, targeted attacks, application-layer attacks, and more have had a significantly negative effect on the threat landscape. In fact, more than 80% of all new malware and intrusion attempts are exploiting weaknesses in applications, as opposed to weaknesses in networking components and services. Stateful firewalls with simple packet filtering capabilities were efficient blocking unwanted applications as most applications met the port-protocol expectations. Administrators could promptly prevent an unsafe application from being accessed by users by blocking the associated ports and protocols.

 

Firewall Firm is an IT Monteur Firewall Company provides Managed Firewall Support, Firewall providers , Firewall Security Service Provider, Network Security Services, Firewall Solutions India , New Delhi - India's capital territory , Mumbai - Bombay , Kolkata - Calcutta , Chennai - Madras , Bangaluru - Bangalore , Bhubaneswar, Ahmedabad, Hyderabad, Pune, Surat, Jaipur, Firewall Service Providers in India

Sales Number : +91 95 8290 7788 | Support Number : +91 94 8585 7788
Sales Email : sales@itmonteur.net | Support Email : support@itmonteur.net

Register & Request Quote | Submit Support Ticket