AsyncAPI npm Supply Chain Attack: Malware Injected Into Packages With 2 Million Weekly Downloads
Overview
On July 14, researchers from OX Security revealed that several AsyncAPI npm packages were compromised, leading to the injection of malware capable of stealing information, stealing cryptocurrency, and allowing remote access to infected systems. The packages affected include @asyncapi/generator version 3.3.1 and @asyncapi/generator-components version 0.7.1, which collectively have over 2 million downloads each week. This incident poses significant risks to developers and organizations using these packages, as the malicious code could potentially lead to severe data breaches and financial losses. Users of these packages are urged to take immediate action to secure their systems and avoid using the compromised versions. The discovery of this attack underscores the vulnerabilities present in the npm ecosystem and the importance of maintaining vigilance against supply chain attacks.
Key Takeaways
- Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
- Affected Systems: @asyncapi/generator 3.3.1, @asyncapi/generator-components 0.7.1
- Action Required: Users should immediately stop using the compromised versions and update to secure versions once they are released.
- Timeline: Disclosed on July 14, 2023
Original Article Summary
AsyncAPI npm packages with 2M weekly downloads were compromised, spreading malware with info-stealing, crypto-theft and RAT capabilities. OX Security researchers disclosed on July 14 that the AsyncAPI npm organization was compromised, with malicious code injected into four packages that together account for over 2 million weekly downloads. The affected versions are @asyncapi/generator 3.3.1, @asyncapi/generator-components 0.7.1, […]
Impact
@asyncapi/generator 3.3.1, @asyncapi/generator-components 0.7.1
Exploitation Status
This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.
Timeline
Disclosed on July 14, 2023
Remediation
Users should immediately stop using the compromised versions and update to secure versions once they are released. Regularly monitor for updates and patches related to these packages.
Additional Information
This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.
Related Topics: This incident relates to Malware.