Malicious Open Source Packages Target Developers

Published by The Daily Scout

What happened

Threat actors are increasingly targeting developers through the software supply chain, according to a recent briefing. Recent attacks include fake Next.js repositories distributing malware with hidden JavaScript and a fraudulent StripeAPI.net package designed to steal financial API keys. A separate vulnerability in GitHub Codespaces, dubbed "RoguePilot," reportedly allowed attackers to hijack repositories and exfiltrate privileged tokens.

Why it matters

The fake Next.js repositories were discovered by Microsoft and were designed to appear as coding projects for job interviews. This developer-focused campaign aimed for remote code execution by running malicious JavaScript in memory as soon as a developer cloned and opened the repository locally. The attack had multiple triggers, including a VS Code task that executed on folder open and another that ran when a developer executed "npm run dev".

The fraudulent package "StripeAPI.net" was a typosquatting attack on the popular and legitimate "Stripe.net" library, which has over 75 million downloads. The malicious package mimicked the original's icon and documentation to appear credible and even artificially inflated its download count to over 180,000 across 506 different versions. The malware was designed to capture API tokens during the StripeClient initialization and exfiltrate them to a Supabase-managed database.

The "RoguePilot" vulnerability was an AI-driven attack that allowed for repository takeover by injecting malicious instructions for GitHub Copilot into a GitHub issue. Discovered by security firm Orca Security, this passive prompt injection attack required no direct user interaction to trigger. When a developer launched a Codespace from a compromised issue, Copilot would automatically process the hidden, malicious prompts and could be instructed to exfiltrate sensitive data like the GITHUB_TOKEN.

These incidents are part of a larger trend of attacks on the software supply chain. In one campaign, over 500 npm packages were compromised by a self-propagating worm that harvested and publicly exposed secrets. Another attack saw a malicious npm package imitating Ember.js get downloaded nearly 50,000 times, leading to full system compromise for those who installed it.
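A pre-open check for the two triggers named above (a VS Code task that runs on folder open, and the "npm run dev" script), as an added example that is not part of the original briefing or of Microsoft's findings. It goes beyond the page by also listing npm install lifecycle scripts; the sample file contents, task labels and paths are constructed for illustration.

```javascript
// Added example: list the commands a cloned repository would run automatically.
// Inputs are the text of .vscode/tasks.json and package.json; nothing is executed.

// VS Code tolerates comments and trailing commas in tasks.json, so strip both
// (string-aware) before handing the text to JSON.parse.
function parseJsonc(text) {
  const keepStr = (match, str) => (str !== undefined ? str : "");
  const noComments = text.replace(
    /("(?:[^"\\]|\\.)*")|\/\/[^\n]*|\/\*[\s\S]*?\*\//g, keepStr);
  return JSON.parse(noComments.replace(/("(?:[^"\\]|\\.)*")|,(?=\s*[}\]])/g, keepStr));
}

// VS Code tasks with runOptions.runOn === "folderOpen" start when the folder is opened.
function auditTasks(tasksJsonText) {
  const tasks = parseJsonc(tasksJsonText).tasks || [];
  return tasks
    .filter((t) => t.runOptions && t.runOptions.runOn === "folderOpen")
    .map((t) => {
      const args = (t.args || []).map((a) => (typeof a === "string" ? a : a.value));
      return { trigger: "vscode:folderOpen", name: t.label || "(unlabelled)",
               command: [t.command, ...args].filter(Boolean).join(" ") };
    });
}

// Scripts worth reading before use: "dev" (named on the page) and npm install hooks.
const REVIEW_SCRIPTS = ["dev", "preinstall", "install", "postinstall", "prepare"];

function auditScripts(packageJsonText) {
  const scripts = JSON.parse(packageJsonText).scripts || {};
  return REVIEW_SCRIPTS.filter((name) => typeof scripts[name] === "string")
    .map((name) => ({ trigger: "npm:" + name, name, command: scripts[name] }));
}

// Constructed sample inputs (not taken from the campaign described above).
const SAMPLE_TASKS = `{
  // a comment and trailing commas, as VS Code would accept them
  "version": "2.0.0",
  "tasks": [
    { "label": "build", "type": "shell", "command": "npm run build" },
    { "label": "env-check", "type": "shell", "command": "node",
      "args": ["./tools/check.js"], "runOptions": { "runOn": "folderOpen" }, },
  ],
}`;
const SAMPLE_PACKAGE = `{ "name": "interview-task",
  "scripts": { "dev": "node ./tools/check.js && next dev", "lint": "eslint ." } }`;

console.log(auditTasks(SAMPLE_TASKS).concat(auditScripts(SAMPLE_PACKAGE)));
```

Feed the functions the contents of the repository's real `.vscode/tasks.json` and `package.json`, read as text, before opening the folder in an editor. Opening an unfamiliar repository in VS Code's Restricted Mode keeps tasks from running while the flagged commands are reviewed.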

Key numbers

  • The fraudulent package "StripeAPI.net" was a typosquatting attack on the popular and legitimate "Stripe.net" library, which has over 75 million downloads.
  • The malicious package mimicked the original's icon and documentation to appear credible and even artificially inflated its download count to over 180,000 across 506 different versions.
  • In one campaign, over 500 npm packages were compromised by a self-propagating worm that harvested and publicly exposed secrets.
  • Another attack saw a malicious npm package imitating Ember.js get downloaded nearly 50,000 times, leading to full system compromise for those who installed it.

What happens next

  • The fake Next.js repositories were discovered by Microsoft and were designed to appear as coding projects for job interviews.
  • When a developer launched a Codespace from a compromised issue, Copilot would automatically process the hidden, malicious prompts and could be instructed to exfiltrate sensitive data like the GITHUB_TOKEN.
  • Recent attacks include fake Next.js repositories distributing malware with hidden JavaScript and a fraudulent StripeAPI.net package designed to steal financial API keys.

