NPM as a layer of obfuscation for the GitHub campaign
ReversingLabs researchers found that the colortoolsv2 and mimelib2 packages used Ethereum smart contracts for malware delivery in July. But little effort went into making these packages look legitimate and attractive for developers to include in their projects, which is usually the goal of supply chain attacks that use rogue npm packages.
The colortoolsv2 package, and the mimelib2 package that later replaced it, contained only the files needed to implement the malware. As the researchers later discovered, this was because they were part of a wider coordinated campaign whose objective was to get users to run code from fake GitHub repositories, which would then automatically pull in the npm packages as dependencies.
The fake GitHub repositories claimed to be for automated cryptocurrency trading bots and were designed to look legitimate. They appeared to have several active contributors, thousands of commits and several stars, but all of these were faked with sock puppet accounts created at roughly the same time the npm packages appeared.