CISA warns of trojanized versions of JavaScript library’s NPM package

The warning comes days after three rogue packages, okhsa, klow, and klown discovered by DevSecOps firm Sonatype, were removed from the NPM repository.

On Friday, the US Cybersecurity and Infrastructure Security Agency (CISA) released a warning to disclose an incident related to the GitHub Advisory Database. According to CISA, a crypto-mining malware was hidden in a popular JavaScript NPM library, UAParser.js.

The library rakes in more than six to eight million downloads per week and is used in websites and applications to identify browsers and systems used. The NPM platform became a part of Microsoft-owned GitHub in 2020.

Three Rogue NPM Packages Discovered

The warning comes days after three rogue packages, okhsa, klow, and klown discovered by DevSecOps firm Sonatype, were removed from the NPM repository.

Reportedly, three versions of UYAParser.js, 0.7.29, 0.8.0, 1.0.0, were embedded with malicious code after the attacker successfully hijacked the NPM account of the maintainer.

It was identified that a device running any of these versions could allow attacked access to sensitive and confidential information and even let them take control of the computer.

It is suspected that the malicious code was injected to install a crypto miner on the targeted system.

Read More: https://www.hackread.com/cisa-trojanized-javascript-library-npm-package/