Two npm packages, @rspack/core and @rspack/cli, were compromised in a supply chain attack, allowing the publication of malicious versions containing cryptocurrency mining malware. The attack targeted specific countries and aimed to execute XMRig cryptocurrency miner on Linux hosts. The malicious versions have been unpublished, and version 1.1.8 is now considered safe. The incident highlights the need for stricter safeguards in package managers to protect developers. The Rspack project maintainers have taken steps to secure their infrastructure, including invalidating tokens and auditing source code. An investigation into the root cause of the token theft is ongoing. Author: AlienVault
Related Tags:
rspack
T1195.001
Iran
Islamic Republic of
T1070.004
T1059.004
XMRig
China
npm
Belarus
Associated Indicators:
null