A new batch of malicious NPM packages has been disclosed, created for targeted attacks on the German companies Bertelsmann, Bosch, STIHL and DB Schenker. The attack used the dependency confusion method, which exploits the overlap between dependencies in public and internal repositories. In publicly available applications, the attackers find references to internal NPM packages that are loaded from corporate repositories, and then publish packages with the same names and higher version numbers in the public NPM repository. If the build configuration does not explicitly bind the internal libraries to their own repository, the NPM package manager gives the public repository priority and installs the package prepared by the attackers. Unlike packages published to demonstrate vulnerabilities in the products of large companies, the discovered packages contain no notice that they are a test and include working malicious code that downloads and starts a backdoor for remote control of the affected system.
The full list of packages involved in the attack has not been reported; as examples, the packages gxm-reference-web-auth-server, ldtzstxwzpntxqn and lznfjbhurpjsqmr are mentioned, which were posted under the boschnodemodules account in the NPM repository with version numbers (one of them 4.0.49) higher than those of the original internal packages. It is not yet clear how the attackers learned the names and versions of internal libraries that are not mentioned in open repositories; it is assumed that the information was obtained through internal leaks. The NPM administration received a notification about the malicious packages 4 hours after publication.