Compromised AsyncAPI npm Packages Deliver Multi-Stage Botnet Malware

A

Admin User

Administrator of InfoSecCenter. Passionate about cybersecurity, information security, and technology.

Compromised AsyncAPI npm Packages Deliver Multi-Stage Botnet Malware
Save

The software supply chain remains a prime vector for threat actors seeking to infiltrate development environments and production systems alike. In a stark reminder of the risks inherent in modern open-source ecosystems, security researchers have uncovered a malicious campaign targeting the popular AsyncAPI infrastructure on the npm registry. This incident involves the compromise of four distinct packages within the @asyncapi namespace, specifically designed to deploy a sophisticated multi-stage botnet loader onto unsuspecting developer machines. The discovery highlights how even established repositories can be weaponized to distribute complex malware under the guise of legitimate functionality.

Investigations conducted collaboratively by experts from OX Security, SafeDep, Socket, and StepSecurity have identified the specific artifacts involved in this supply chain attack. The malicious versions identified include @asyncapi/generator-helpers at version 1.1.1, @asyncapi/generator-components at version 0.7.1, @asyncapi/generator at version 3.3.1, and @asyncapi/specs at versions 6.11.2 and 6.11.2-alpha.1. Users who have installed or updated these specific iterations are the primary victims of this campaign. The attack is particularly concerning given the widespread utility of AsyncAPI for building Event-Driven Architectures, suggesting a potentially broad victimology. Upon installation, these packages do not perform their intended functions but instead execute a multi-stage malware sequence. This payload is engineered to establish persistence on the host and enroll the machine into a botnet, likely for use in distributed denial-of-service attacks or further malicious activities.

Share

Shares: 0
LinkedIn WhatsApp Pinterest Print

You might also like

Comments (0)

Leave a Comment

No comments yet. Be the first to comment!