24th July 2021, Kathmandu
Threat to Google Chrome Passwords: NPM Malware. npm malware was found stealing passwords saved in Google Chrome.
It is well established that organizations and individuals should protect publicly exposed applications and services against latent threats. However, there are always weak links, and threat actors are always on the lookout for straightforward ways to infiltrate a network. One way to do so is by exploiting the trust developers place in third-party code. A software package from the npm repository has been spotted serving as a tool to steal passwords saved within the Chrome browser.
Security analysts found the malware pilfering credentials from Chrome on Windows systems. The password-stealer package is multifunctional: it listens for incoming commands from the attacker's command-and-control (C2) server and can upload files, record from a victim's screen and camera, and execute shell commands.
For the time being, the first and main threat is the package nodejs_net_server.
Why it matters
The malware has sat in the npm registry for three years, which is concerning. This threat confirms that attacks on open-source ecosystems are not going away. It also shows that such threats can evade detection for long periods.
The bottom line
Besides npm, cybercriminals have also penetrated PyPI to illegitimately mine cryptocurrency. This latest news shows how developers sometimes put too much trust in third-party code. Public package repositories serve as a good hiding place for malware. Therefore, there is an increasing demand for security measures that help promptly detect and protect against these threats.
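One such detection measure is checking a project's lockfile for the package named above, including copies pulled in transitively or installed under an alias. The following is an added example, not code from the original article: it takes an already parsed package-lock.json object, its denylist holds only the package name this article gives, and the sample lockfiles and the names demo-app, left-helper and net-alias are constructed for illustration.

```javascript
// Added example. Denylist holds the one package name this page gives.
const DENYLIST = new Set(["nodejs_net_server"]);

// "node_modules/a/node_modules/@scope/b" -> "@scope/b"
function nameFromPath(path) {
  const marker = "node_modules/";
  const i = path.lastIndexOf(marker);
  return i === -1 ? "" : path.slice(i + marker.length);
}

// Return every denylisted package in a parsed package-lock.json,
// transitive dependencies included, with the path that pulled it in.
function findDenylisted(lock, denylist = DENYLIST) {
  const hits = [];
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path. An aliased
    // install keeps its real name in the "name" field, so check that first.
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path === "") continue; // root project entry
      const name = meta.name || nameFromPath(path);
      if (denylist.has(name)) hits.push({ name, version: meta.version, via: path });
    }
    return hits;
  }
  // lockfileVersion 1: nested "dependencies" tree.
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const via = [...trail, name].join(" > ");
      if (denylist.has(name)) hits.push({ name, version: meta.version, via });
      walk(meta.dependencies, [...trail, name]);
    }
  };
  walk(lock.dependencies, []);
  return hits;
}

// Constructed sample lockfiles (versions are placeholders, not real releases).
const SAMPLE_V3 = { lockfileVersion: 3, packages: {
  "": { name: "demo-app", version: "1.0.0" },
  "node_modules/left-helper": { version: "2.1.0" },
  "node_modules/left-helper/node_modules/nodejs_net_server": { version: "0.0.0-example" },
  "node_modules/net-alias": { name: "nodejs_net_server", version: "0.0.0-example" },
} };
const SAMPLE_V1 = { lockfileVersion: 1, dependencies: {
  "left-helper": { version: "2.1.0", dependencies: {
    nodejs_net_server: { version: "0.0.0-example" } } },
} };

console.log(findDenylisted(SAMPLE_V3), findDenylisted(SAMPLE_V1));
```

In a CI job, pass the result of `JSON.parse` on the project's package-lock.json to `findDenylisted` and fail the build when the returned list is non-empty.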