Malware

Supply chain attack compromises rspack, Vant packages with XMRig cryptominer

BleepingComputer reports that high-performance JavaScript bundler Rspack and customizable Vue.js UI library Vant had a trio of widely-used npm packages discovered by Sonatype and Socket researchers to have been breached to facilitate the distribution of the XMRig cryptocurrency mining malware as part of a supply chain attack.

Exfiltrated npm account tokens have been leveraged by threat actors to integrate malicious code within the @rspack/core and @rspack/cli packages' 'support.js' and 'config.js' files, respectively, which automatically executes using the post-install script of the npm and then fetches the targeted system's location and network information before downloading the XMRig binary, a report from Socket showed. On the other hand, the impacted Vant package was identified to have concealed XMRig as '/tmp/vant_helper.' Both Rspack and Vant have already addressed the issue, with the former urging users to immediately update to version 1.1.8 or later. Vant has also called on users to promptly apply versions 4.9.15 and newer to avert the risk of compromise.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

Related Terms

Adware

You can skip this ad in 5 seconds