pull_request_target. This allows third-party workflows to run automatically, a way of avoiding maintainer approval fatigue, but means that the maintainer's short-lived OIDC tokens become vulnerable to scraping.

Armed with these tokens, the attackers were able to compromise the packages by injecting the malicious Mini Shai-Hulud malware, which propagated to other projects.

The purpose is to steal developer credentials such as GitHub and npm tokens, cloud credentials, API keys, Kubernetes service accounts, and SSH keys. Less pleasantly, the malware also installs a destructive 'dead man's switch' monitor which attempts to delete the user's entire home directory if a developer revokes a stolen GitHub token.

Attacks by TeamPCP targeting software supply chains have become a recurring theme in recent months. This includes a similar compromise in April of the command line version of the Bitwarden password manager. A month earlier it was Aqua Security's Trivy open-source vulnerability scanner, later revealed to have caused a data breach at the EU's Europa.eu web hub.
Enterprise prize:

According to Abhisek Datta, founder of SafeDep, one of the first vendors to detect the compromise, TeamPCP appeared to have designed the campaign to target US developers.

"They know that high-profile attacks will be detected quickly by the industry. By targeting specific US working hours, they likely want to maximize their return during a short window of opportunity," he said via email.

"The way the software usage and trust network has evolved, primarily leaning towards implicit trust, is probably the root cause that is being exploited in these attacks. Unfortunately, it's hard to fix, especially today where developers and software companies expect velocity over everything else."

Developers could put more security around packages, but this would create added friction, Datta said. "Honestly, I would say this is something the world is still trying to figure out."

SafeDep has published a full list of affected packages, with indicators of compromise. If any of the compromised packages are in use, the recommended actions are to check the lockfile for known compromised versions, pin dependencies to known good versions, and check for evidence of malware files. If an infected version is suspected, credentials in use at the time of import should be rotated.
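
The lockfile check recommended above, as an added example that is not from the article or from SafeDep. The package names and versions are constructed placeholders to be replaced with the published list, and the function covers both the flat `packages` layout of npm lockfile versions 2 and 3 and the nested `dependencies` layout of version 1, so transitive installs are caught as well as direct ones.

```javascript
// Constructed placeholders, NOT entries from SafeDep's published list.
const COMPROMISED = new Map([
  ["@example-scope/router", ["9.9.1", "9.9.2"]],
  ["example-sdk", ["4.5.6"]],
]);

// Constructed sample lockfiles (v3 flat layout, v1 nested layout).
const SAMPLE_LOCK_V3 = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/@example-scope/router": { version: "9.9.1" },
    "node_modules/example-sdk": { version: "4.5.5" },
    "node_modules/left/node_modules/example-sdk": { version: "4.5.6" },
  },
};
const SAMPLE_LOCK_V1 = {
  lockfileVersion: 1,
  dependencies: {
    left: { version: "1.0.0", dependencies: { "example-sdk": { version: "4.5.6" } } },
  },
};

// "node_modules/a/node_modules/@s/b" -> "@s/b"; the root entry "" -> "".
function nameFromPath(path) {
  const marker = "node_modules/";
  const i = path.lastIndexOf(marker);
  return i === -1 ? "" : path.slice(i + marker.length);
}

// Returns [{ name, version, where }] for every locked install on the bad list.
function findCompromised(lock, bad) {
  const hits = [];
  const check = (name, version, where) => {
    if (bad.has(name) && bad.get(name).includes(version)) hits.push({ name, version, where });
  };
  if (lock.packages) {
    // v2/v3: flat map keyed by install path; "name" is only set for aliases and the root.
    for (const [path, meta] of Object.entries(lock.packages)) {
      check(meta.name || nameFromPath(path), meta.version, path);
    }
    return hits;
  }
  // v1: walk the nested dependency tree, tracking the install path.
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const where = trail + "node_modules/" + name;
      check(name, meta.version, where);
      walk(meta.dependencies, where + "/");
    }
  };
  walk(lock.dependencies, "");
  return hits;
}
```

For a real project, pass in the parsed contents of `package-lock.json`; a non-empty result is the cue to rotate credentials that were in use at the time of install.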
First seen on csoonline.com
Jump to article: www.csoonline.com/article/4170284/mistral-ai-sdk-tanstack-router-hit-in-npm-software-supply-chain-attack.html

