Hackers inject malicious code into another popular npm library
Coa, a popular library found on npm, a manager for the JavaScript programming language, has been hijacked and used to spread malicious code, reports have claimed.
According to Bleeping Computer, the attack on coa – short for Command-Option-Argument, impacted countless React pipelines around the world. React is a JavaScript library for building user interfaces. Coa gets around 9 million downloads a week on npm, and is used by some 5 million open-source GitHub repositories.
Soon after discovering the hijack, developers also spotted another popular component – rc – also being affected. The rc library is even more popular than coa, getting some 14 million downloads a week.
One of the things that raised suspicions among developers was the fact that the last stable coa version – 2.0.2 – was released in December 2018. Then, all of a sudden, five versions began appearing on npm, all in a matter of hours, “breaking React packages that depend on coa”.
Multiple attacks
“I’m not sure why or what happened but 10 minutes ago there was a release (even though the last change on GitHub was in 2018). Whatever this release did, it broke the internet,” said Roberto Wesley Overdijk, a React developer.
Last month, a popular npm library ua-parser-js, used by many of the world’s largest websites and tech companies, was also hijacked, and with the malicious code embedded in both instances being virtually identical, it led Bleeping Computer to conclude that the malicious actor behind these incidents is probably the same.
The publication’s analysts are saying the malware is likely Danabot, a password-stealing Trojan for Windows. It is capable of stealing passwords from all popular website browsers, FTP clients, and various applications, as well as stored credit cards. It can take screenshots of active screens, and log keystrokes.
The malicious versions have since been removed, but all coa and rc library users are advised to check their projects for malicious software.
Coa, a popular library found on npm, a manager for the JavaScript programming language, has been hijacked and used to spread malicious code, reports have claimed. According to Bleeping Computer, the attack on coa – short for Command-Option-Argument, impacted countless React pipelines around the world. React is a JavaScript library…
Recent Posts
- Gentler Streak quieted my evil brain goblin so I could run in peace
- The future of AI gadgets is just phones
- Skip the Paste—You Should Chomp Down on a Toothpaste Tablet
- The game emulator your phone has been missing
- The Olympic Games Paris 2024 will feature more AI power than ever — with Intel helping lead the way
Archives
- April 2024
- March 2024
- February 2024
- January 2024
- December 2023
- November 2023
- October 2023
- September 2023
- August 2023
- July 2023
- June 2023
- May 2023
- April 2023
- March 2023
- February 2023
- January 2023
- December 2022
- November 2022
- October 2022
- September 2022
- August 2022
- July 2022
- June 2022
- May 2022
- April 2022
- March 2022
- February 2022
- January 2022
- December 2021
- November 2021
- October 2021
- September 2021
- August 2021
- July 2021
- June 2021
- May 2021
- April 2021
- March 2021
- February 2021
- January 2021
- December 2020
- November 2020
- October 2020
- September 2020
- August 2020
- July 2020
- June 2020
- May 2020
- April 2020
- March 2020
- February 2020
- January 2020
- December 2019
- November 2019
- December 2011