Self-Replicating Worm Affected Several Hundred NPM Packages, Including CrowdStrike's


The Shai-Hulud malware campaign impacted hundreds of npm packages across multiple maintainers, reports Koi Security, including popular libraries like @ctrl/tinycolor and some packages maintained by CrowdStrike.

Malicious versions embed a trojanized script (bundle.js) designed to steal developer credentials, exfiltrate secrets, and persist in repositories and endpoints through automated workflows. It runs TruffleHog to scan local filesystems and repositories for secrets, including npm tokens, GitHub credentials, and cloud access keys for AWS, GCP, and Azure.

Some context from Tom's Hardware: To be clear: This campaign is distinct from the incident that we covered on Sept. 9, which saw multiple npm packages with billions of weekly downloads compromised in a bid to steal cryptocurrency.
