The Indian Computer Emergency Response Team (CERT-In) has issued an advisory, noting the risk of a cyber threat campaign specifically targeting JavaScript’s node package manager (npm) ecosystem. The country’s cybersecurity watchdog warned that attackers are using a worm-like malware dubbed ‘Shai-Hulud’ to compromise software packages, posing a huge threat to startups, IT companies, fintech platforms and e-governance applications.
How Does the Shai-Hulud Malware Campaign Work?
In its advisory dated September 25, India’s cybersecurity nodal agency stated that it has observed a widespread malware attack targeting JavaScript’s Node Package Manager ecosystem — a network of open-source software packages and tools used by developers to create applications, websites, and digital services. Attackers are deploying malicious package versions containing the Shai-Hulud malware, triggering a multi-stage spread across projects. The malware gets its moniker from an extraterrestrial creature that appears in Frank Herbert’s sci-fi novel series Dune.
According to CERT-In, the malware attack began with phishing emails spoofing npm and tricking app developers into revealing their login details. Once the attackers get access, they inject malicious code into their software kits to harvest sensitive credentials, including:
- .npmrc files (for npm tokens)
- Configuration files specifically targeting GitHub Personal Access Tokens and API keys for cloud services such as Amazon Web Services, Google Cloud Platform and Microsoft Azure.
The cybersecurity watchdog further states that the compromised software packages contain a self-propagating worm (hence the name Shai-Hulud) that spreads across the entire developer network. According to CERT-In, 500 software packages have already been compromised due to this malware.
“This attack has the potential to impact start-ups, IT/ITES companies, fintech platforms and e-Governance applications that rely on npm-based software, resulting in exposure of credentials, unauthorised code execution and further supply chain compromise,” CERT-In warned.
How Can Companies Prevent Such An Attack?
In the wake of the latest cyber threat posed by Shai-Hulud, CERT-In has urged companies to follow some cybersecurity practices to prevent such attacks:
- Audit Dependencies: Conduct a review of all software dependent on npm, checking package-lock.json or yarn.lock files to identify affected software packages.
- Rotate Credentials: Change all developer credentials, including for npm, GitHub and cloud service keys.
- Mandate Phishing-Resistant MFA: Use biometrics and hardware security keys and other phishing-resistant multifactor authentication (MFA) rather than traditional MFA, which relies on passwords, SMS-based OTPs or email-based codes.
- Strengthen GitHub Security: Remove unnecessary GitHub apps and OAuth apps; enable branch protection and secret scanning.
- Look For Signs Of Compromise:…
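The dependency audit recommended above can be scripted. The following is an added example, not code from the CERT-In advisory or this article: it walks a parsed package-lock.json (lockfile versions 1 to 3) and reports entries whose exact name and version match a blocklist. All package names and versions, and the names COMPROMISED, listInstalled and findCompromised, are constructed placeholders.

```javascript
// Added example. Package names and versions are constructed placeholders,
// not real indicators; fill COMPROMISED from the advisory's published list.
const COMPROMISED = new Map([
  ["example-compromised-pkg", ["1.2.3", "1.2.4"]],
  ["@example-scope/widget", ["4.0.1"]],
]);

// "node_modules/a/node_modules/@scope/b" -> "@scope/b"; null for other paths.
function nameFromPath(path) {
  const idx = path.lastIndexOf("node_modules/");
  return idx === -1 ? null : path.slice(idx + "node_modules/".length);
}

// List every installed package recorded in a parsed package-lock.json.
function listInstalled(lock) {
  const found = [];
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path ("" is the project itself).
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path === "") continue;
      const name = meta.name || nameFromPath(path); // meta.name is set for aliases
      if (name && meta.version) found.push({ name, version: meta.version, location: path });
    }
  } else if (lock.dependencies) {
    // lockfileVersion 1: nested dependency tree.
    const walk = (deps, trail) => {
      for (const [name, meta] of Object.entries(deps)) {
        const location = trail ? `${trail} > ${name}` : name;
        if (meta.version) found.push({ name, version: meta.version, location });
        if (meta.dependencies) walk(meta.dependencies, location);
      }
    };
    walk(lock.dependencies, "");
  }
  return found;
}

// Entries whose exact name and version appear on the blocklist.
function findCompromised(lock, blocklist = COMPROMISED) {
  return listInstalled(lock).filter((p) => (blocklist.get(p.name) || []).includes(p.version));
}

// Constructed sample (v3 layout): one clean package, one direct hit, one nested hit.
const SAMPLE_LOCK = { lockfileVersion: 3, packages: {
  "": { name: "demo-app", version: "1.0.0" },
  "node_modules/example-clean-lib": { version: "2.0.0" },
  "node_modules/example-compromised-pkg": { version: "1.2.3" },
  "node_modules/example-clean-lib/node_modules/@example-scope/widget": { version: "4.0.1" },
} };
console.log(findCompromised(SAMPLE_LOCK));
```

To audit a real project, pass `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` as `lock`. yarn.lock uses a different format and needs its own parser.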