The timing of the Nx compromise coincides with another significant npm supply chain discovery: JFrog announced that it had uncovered eight malicious packages published separately on npm, including react-sxt, react-typex and react-design, featuring "extremely sophisticated multi-layer obfuscation with more than 70 layers."
"Open-source software has become one of the main entry points for attackers as part of software supply chain attacks, with typosquatting and masquerading as legitimate packages rising in waves," JFrog security researcher Guy Korolevsky wrote in a blog post.
Many attack vectors target the npm ecosystem
The JFrog-discovered packages targeted Chrome users on Windows with data-theft capabilities, designed to extract "sensitive Chrome browser data from all user profiles, including passwords, credit card information, cookies and cryptocurrency wallets." The packages used several stealth techniques to get at that data while Chrome holds its SQLite stores open and locked: Volume Shadow Copy bypass, LSASS impersonation, multiple database access methods, and file-lock circumvention.