A year after a glitch at cybersecurity company CrowdStrike triggered a global computer outage affecting millions of computers, the software vendor is being forced to contain a new threat: a swarm of self-replicating worms.

As first reported by investigative cybersecurity journalist Brian Krebs, CrowdStrike once again became the launchpad for a potentially debilitating security hazard when some 25 code packages were compromised by a novel strain of malware.

Dubbed “Shai-Hulud,” the malicious software is designed to slip into developer machines through the JavaScript repository “Node Package Manager” (NPM), a widely used database of software modules and coding tools. According to Krebs, once the malware nabs credentials from an infested computer, it publishes its finds to a public file on GitHub, which includes the name “Shai-Hulud” — the mythic sandworm from Frank Herbert’s 1965 sci-fi novel “Dune.”

What makes Shai-Hulud particularly devastating is that every time an unsuspecting developer installs an infected module from NPM, the worm searches their system for “access tokens” — a way to download NPM content without a username or password — and infects the 20 most popular packages associated with that person’s account.

“This creates a cascading effect where an infected package leads to compromised maintainer credentials, which in turn infects all other packages maintained by that user,” said StepSecurity researcher Ashish Kurmi.

In a breakdown of the attack, software engineer Karlo Zanki of ReversingLabs called Shai-Hulud a “first of its kind self-replicating worm.”

So far, Krebs says that at least 187 NPM modules have been affected, including the 25 managed by CrowdStrike. Intriguingly, the worm is designed to assume its victim is operating a computer with a Linux or Mac operating system, and to “deliberately skip” Windows PCs.

NPM and CrowdStrike quickly removed the infected packages, which has slowed the worm’s spread.

“After detecting several malicious NPM packages in the public NPM registry, a third-party open source repository, we swiftly removed them and proactively rotated our keys in public registries,” a CrowdStrike representative told The Hacker News.

Charlie Eriksen, a researcher at security firm Aikido, put it in even starker terms in an interview with Krebs.

“I would think of this attack as a ‘living’ thing almost, like a virus,” he warned. “Because it can lay dormant for a while, and if just one person is suddenly infected by accident, they could restart the spread. Especially if there’s a super-spreader attack.”


Last Update: September 17, 2025