Mini Shai-Hulud pushes malicious AntV npm packages via compromised maintainer account

May 19, 2026
Mini Shai-Hulud

Cybersecurity researchers have discovered a new software supply chain attack campaign that compromises various npm packages associated with the @antv ecosystem as part of the ongoing Mini Shai-Hulud attack wave.

“This attack affects packages associated with the npm maintainer account atool, including echarts-for-react, a widely used React wrapper for Apache ECharts that is downloaded approximately 1.1 million times each week,” Socket said.

The list of affected packages includes @antv packages such as @antv/g2, @antv/g6, @antv/x6, @antv/l7, @antv/s2, @antv/f2, @antv/g, @antv/g2plot, @antv/graphin and @antv/data-set, as well as echarts-for-react, timeago.js, size-sensor, canvas-nest.js and others.

According to the application security firm, this tradecraft is consistent with Mini Shai-Hulud, which uses compromised maintainer accounts to push trojanized versions of many packages in quick succession.

This development comes as supply chain attack campaigns continue to spread across open source registries, infecting hundreds of packages by injecting credential-stealing code into popular development tools.

“The potential scope of the explosion is significant because the affected public accounts are connected to packages that are widely used across the data visualization, graphing, mapping, charting, and React component ecosystems,” Socket said. “Even if only a subset of those packages receive a malicious update, the popularity of the package ecosystem exposes organizations that automatically obtain new dependency versions to significant downstream risk.”

According to SafeDep, the attackers published 631 malicious versions across 314 packages. The stealer payload collects over 20 credential types (Amazon Web Services, Google Cloud, Microsoft Azure, GitHub, npm, SSH, Kubernetes, Vault, Stripe and database connection strings, among others) and attempts to escape the Docker container via the host socket. The stealer is identical to the Mini Shai-Hulud payload used in the SAP compromise.

Shai-Hulud framework

“There are two execution paths used in this attack,” SafeDep said. “Each compromised version adds a preinstall hook (bun run index.js). 630 of the 631 malicious versions also inject an optionalDependencies entry [pointing to imposter commits] that delivers a second copy of the payload via the canonical antvis/G2 GitHub repository.”

“A 22-minute public burst across 314 packages (631 versions) with identical obfuscated payloads precluded any staged or targeted operations. This was a rapid, automated exfiltration using stolen tokens.”
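A defender-side check for the two delivery paths SafeDep describes above, written as an added example for this article (it is not code from SafeDep, Socket or the AntV project): it audits a package.json object for install-time lifecycle hooks and for optionalDependencies that resolve from a git commit instead of the registry. The sample manifest, package name and commit hash are constructed placeholders.

```javascript
// Added example, not code from the article or the vendors it quotes. Flags the
// two indicators in a package manifest: an install-time hook running a bundled
// script, and an optionalDependencies entry pointing at git rather than npm
// (git specs bypass registry review and optional deps fail silently).

const LIFECYCLE_HOOKS = ['preinstall', 'install', 'postinstall', 'prepare'];
// Specs npm resolves from git, e.g. "github:org/repo#<sha>", "org/repo#<sha>",
// "git+https://...", "git://..." (case-insensitive on the scheme).
const GIT_SPEC = /^(git(\+\w+)?:|github:|gitlab:|bitbucket:|[\w.-]+\/[\w.-]+#)/i;

function auditManifest(pkg) {
  const findings = [];
  const scripts = pkg.scripts || {};
  for (const hook of LIFECYCLE_HOOKS) {
    if (typeof scripts[hook] !== 'string') continue;
    // "bun run <file>.js" / "node <file>.js" at install time executes code
    // before anything from the package is ever imported by the consumer.
    const runsBundledScript = /\b(bun|node)\b(\s+run)?\s+\S+\.(c|m)?js\b/.test(scripts[hook]);
    findings.push({
      kind: 'lifecycle-hook',
      severity: runsBundledScript ? 'high' : 'medium',
      detail: `${hook}: ${scripts[hook]}`,
    });
  }
  const gitSpecs = (field) =>
    Object.entries(pkg[field] || {}).filter(([, spec]) => GIT_SPEC.test(String(spec)));
  for (const [name, spec] of gitSpecs('optionalDependencies')) {
    findings.push({ kind: 'git-optional-dependency', severity: 'high', detail: `${name}: ${spec}` });
  }
  for (const [name, spec] of gitSpecs('dependencies')) {
    findings.push({ kind: 'git-dependency', severity: 'medium', detail: `${name}: ${spec}` });
  }
  return findings;
}

// Constructed sample manifest in the shape the article describes. The package
// name and the all-zero commit hash are placeholders, not real indicators.
const SAMPLE_MANIFEST = {
  name: 'example-chart-wrapper',
  version: '9.9.9',
  scripts: { preinstall: 'bun run index.js', build: 'tsc' },
  dependencies: { react: '^18.2.0' },
  optionalDependencies: { '@antv/g2': 'github:antvis/G2#0000000000000000000000000000000000000000' },
};

for (const f of auditManifest(SAMPLE_MANIFEST)) {
  console.log(`[${f.severity}] ${f.kind}: ${f.detail}`);
}
```

Running it against a real lockfile review is the same call on each manifest; installing with `npm install --ignore-scripts` neutralises the first path but not the git-sourced optional dependency, which is why both checks are needed.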

The self-replicating Mini Shai-Hulud campaign has been attributed to a financially motivated attacker named TeamPCP. But as of last week, the activity entered an aggressive new phase after TeamPCP released the entire source code for use by other threat actors as part of a supply chain attack contest announced in partnership with BreachForums.

“While open sourcing a production attack framework is not unprecedented, it is unusual for an active campaign,” Datadog said. “This lowers the barrier for other attackers to adopt TeamPCP’s playbook, which includes more advanced techniques such as OIDC token abuse, provenance forgery, and AI tool persistence hooks.”

Since then, an unknown attacker has uploaded four malicious packages. One of them contains a near-exact copy of the Shai-Hulud worm with its own command and control infrastructure, indicating that cloned versions of the worm may find their way into the open source ecosystem.

This wave of imitation complicates attribution efforts, while attacks continue to facilitate credential theft and open the door for subsequent exploitation. This incident once again illustrates how compromised tools already trusted within corporate networks can be exploited as vectors for the delivery of malware. What makes this campaign really dangerous is that one breach influences the next, and the attack surface continues to grow as more packages are hacked.

“This campaign is designed to commit credential theft at scale,” Trend Micro said in a report last week. “Organizations using GitHub Actions, PyPI, Docker Hub, GHCR [GitHub Container Registry], VS Code extensions, and cloud-connected CI runners are directly exposed to this risk.”
