JQuery Attack Targets NPM and GitHub, Able to Extract Web Form Data

Published:

spot_img

Trojanized jQuery Attack Spreading on npm and GitHub: Researchers Discover

A trojanized version of jQuery has been discovered spreading on the npm JavaScript package manager, GitHub, and other platforms, posing a significant threat to developers and website owners. Security researchers from Phylum have been tracking this “persistent supply chain attacker” since May 26, uncovering compromised versions of jQuery in numerous packages across various domains.

The malicious packages are designed to extract website form data and send it to multiple URLs, showcasing a high level of variability and customization by the attacker. This unique attack method involves modifying the end function of jQuery to include additional malicious code, cleverly hidden within the animation utilities.

What makes this attack particularly concerning is the ad-hoc nature of the packages, the inclusion of personal files not typically found in npm publications, and the manual assembly and publication process. Despite the specific conditions required to trigger the malware, the widespread distribution of these packages increases the potential impact on unsuspecting developers.

To protect against supply chain threats like this, developers are advised to download packages only from trusted sources, regularly update and patch their projects, verify package signatures, and utilize package security tools. This incident serves as a reminder of the evolving complexity and reach of supply chain threat actors, highlighting the importance of vigilance and proactive security measures in the development process.

spot_img

Related articles

Recent articles

JustAI Secures $17 Million to Propel Agentic AI Revolution in Marketing Execution

JustAI Secures $17 Million to Propel Agentic AI Revolution in Marketing Execution In a significant development for the marketing technology landscape, San Francisco-based startup JustAI...

Transforming Risk Communication: Bridging the Gap Between Cybersecurity and Business Strategy

Transforming Risk Communication: Bridging the Gap Between Cybersecurity and Business Strategy In today’s rapidly evolving digital landscape, the disparity between our understanding of outer space...

AI Cyber Attacks Surge as Top Threat to Indian Banking, Warns RBI

AI Cyber Attacks Surge as Top Threat to Indian Banking, Warns RBI The Reserve Bank of India (RBI) has pinpointed AI Cyber Attacks as the...

India and Japan Strengthen Indo-Pacific Ties as PM Takaichi Arrives for 20th Annual Summit

India and Japan Strengthen Indo-Pacific Ties as PM Takaichi Arrives for 20th Annual Summit Japanese Prime Minister Sanae Takaichi is set to arrive in New...