A new large scale supply chain attack has been observed targeting Azure developers with no less than 218 malicious NPM packages with the goal of stealing personal identifiable information.
“After manually inspecting some of these packages, it became apparent that this was a targeted attack against the entire @azure NPM scope, by an attacker that employed an automatic script to create accounts and upload malicious packages that cover the entirety of that scope,” JFrog researchers Andrey Polkovnychenko and Shachar Menashe said in a new report.
The entire set of malicious packages was disclosed to the NPM maintainers roughly two days after they were published, leading to their quick removal, but not before each of the packages were downloaded around 50 times on average.
The attack refers to what’s called typosquatting, which takes place when bad actors push rogue packages with names mimicking legitimate libraries to a public software registry such as NPM or PyPI with the hope of tricking users into installing them.
In this specific case observed by the DevSecOps firm, the adversary is said to have created dozens of malicious counterparts with the same name as their existing @azure scope packages but without the scope name (e.g., @azure/core-tracing vs. core-tracing).
“The attacker is relying on the fact that some developers may erroneously omit the @azure prefix when installing a package,” the researchers said. “For example, running npm install core-tracing by mistake, instead of the correct command – npm install @azure/core-tracing.”
Not only did the attack leverage a unique username to upload every single package to the repository to avoid raising suspicion, the malware-laced libraries also featured high version numbers (e.g., 99.10.9), indicating an attempt to carry out a dependency confusion attack.
Should a developer unwittingly install one of these packages, it leads to the execution of a reconnaissance payload that’s designed to list directories as well as gather information about the user’s current working directory and IP addresses related to network interfaces and DNS servers, all of which is exfiltrated to a hardcoded remote server.
“Due to the meteoric rise of supply chain attacks, especially through the NPM and PyPI package repositories, it seems that more scrutiny and mitigations should be added,” the researchers said.
“For example, adding a CAPTCHA mechanism on npm user creation would not allow attackers to easily create an arbitrary amount of users from which malicious packages could be uploaded, making attack identification easier.”