UA-Parser-JS reads User-Agent data in applications and web pages to determine the type of device or browser a user is using. A remote attacker could gain access to sensitive information or take control of a computer or device on which the vulnerable software is installed or running.
In a supply-chain attack, attackers abused the popular UA-Parser-JS NPM package, which receives millions of downloads every week, to infect Linux and Windows machines with cryptominers and password-stealing trojans.
The UA-Parser-JS package parses a browser’s user agent to determine a visitor’s browser, engine, operating system, processor, and device type/model. With millions of downloads every week and over 24 million downloads so far this month, the library is extremely popular.
The library is used in over a thousand additional projects, including those of Facebook, Microsoft, Amazon, Instagram, Google, Slack, Mozilla, Discord, Elastic, Intuit, Reddit, and others.
A threat actor recently published malicious versions of the UA-Parser-JS NPM package, which allowed cryptominers and password-stealing trojans to be installed on Linux and Windows systems.
According to a developer who used the library and became a victim, his NPM account was hacked and the three malicious versions of the library were published from it.