Trojanized jQuery Attack Spreading on npm and GitHub: Researchers Discover

A trojanized version of jQuery has been discovered spreading on the npm JavaScript package manager, GitHub, and other platforms, posing a significant threat to developers and website owners. Security researchers from Phylum have been tracking this “persistent supply chain attacker” since May 26, uncovering compromised versions of jQuery in numerous packages across various domains.

The malicious packages are designed to extract website form data and send it to multiple URLs, showcasing a high level of variability and customization by the attacker. This unique attack method involves modifying the end function of jQuery to include additional malicious code, cleverly hidden within the animation utilities.

What makes this attack particularly concerning is the ad-hoc nature of the packages, the inclusion of personal files not typically found in npm publications, and the manual assembly and publication process. Despite the specific conditions required to trigger the malware, the widespread distribution of these packages increases the potential impact on unsuspecting developers.

To protect against supply chain threats like this, developers are advised to download packages only from trusted sources, regularly update and patch their projects, verify package signatures, and utilize package security tools. This incident serves as a reminder of the evolving complexity and reach of supply chain threat actors, highlighting the importance of vigilance and proactive security measures in the development process.