NPM is the target of a new, ongoing attack that uses a novel execution chain: malicious packages are published in pairs that work together to retrieve and execute additional resources, reports The Hacker News.

According to a Phylum report, the first package stores a token for a remote server; the second package then sends that token, together with the host's operating system type, as parameters to the remote server in order to retrieve a secondary script. The attackers behind the operation have not yet been identified, but the campaign has been characterized as an advanced supply chain threat.

"It's crucial that each package in a pair is executed sequentially, in the correct order, and on the same machine to ensure successful operation. This carefully orchestrated attack serves as a stark reminder of the ever-evolving complexity of modern threat actors in the open-source ecosystem," said Phylum researchers.

The findings follow Sonatype's discovery of malicious Python Package Index packages, as well as its identification of the libiobe package, which could compromise Windows and Linux systems.