Thursday, 16 January, 2020 UTC


Summary

Microsoft has detected and reported a malicious npm file that was uploaded to the Node.js platform npm on December 31.

In an official advisory acknowledging the malicious package, npm reveals that the malicious code was discovered in 1337qq-js, which has already been downloaded by more than 30 users.

All versions ranging in between 1.0.11 and 1.0.9 include the malicious code, according to the advisory. On the other hand, version 0.0.1-security is completely clean and can be safely downloaded.

Microsoft reported the package on January 13 and the advisory was published on the same day just after its removal.

The malicious code specifically targets UNIX system, and it uses install scripts to exfiltrate sensitive information such as environment variables, running processes, the npmrc file, uname -a, and /etc/hosts content.

The advisory, which has a critical severity rating, indicates that the only way to remove the... (read more)