
npm as an obfuscation layer for a GitHub campaign
ReversingLabs researchers discovered two malicious npm packages, colortoolsv2 and mimelib2, in July that used Ethereum smart contracts for malware delivery. But not much effort went into making them look legitimate and attractive enough for developers to include them in their projects, which is usually the aim of supply chain attacks with malicious npm packages.
The colortoolsv2 package, and the mimelib2 one that later replaced it, included only the files required to implement the malicious functionality. As the researchers later found, this was because they were part of a large coordinated campaign, whose focus was to have the code from the fake GitHub repository run, which would then automatically download the npm package as a dependency.
The malicious GitHub repository claimed to be for an automated cryptocurrency trading bot and was designed to look legitimate. It had many active contributors, thousands of code commits and many stars, but all of them were fake, produced with sockpuppet accounts created around the same time the npm package popped up.

