CyberSecurity news

FlagThis

MalBot@malware.news //

Supply Chain Attack on Open Source Packages


Share: bluesky twitterx--v2 facebook--v1 threads


References :
  • malware.news: Open source in the crosshairs: New cryptomining hacks highlight key threat
  • The Hacker News: TheHackerNews article about Rspack npm packages compromised with crypto mining malware.
  • AAKL: Socket, from yesterday: Supply Chain Attack on Rspack npm Packages Injects Cryptojacking Malware More:
  • Security Risk Advisors: Supply Chain Attack on Rspack npm Packages Deploys Cryptojacking Malware
  • Blog (Main): ReversingLabs reports on cryptomining hacks in open source projects.
  • socket.dev: Open source in the crosshairs: New cryptomining hacks highlight key threat
  • www.bleepingcomputer.com: Three popular npm packages, @rspack/core, @rspack/cli, and Vant, were compromised through stolen npm account tokens, allowing threat actors to publish malicious versions that installed cryptominers.
  • Osint10x: Rspack npm Packages Compromised with Crypto Mining Malware in Supply Chain Attack
  • Osint10x: OSINT10X reports on cryptomining hacks on open source packages.
  • BleepingComputer: Three popular npm packages, @rspack/core, @rspack/cli, and Vant, were compromised through stolen npm account tokens, allowing threat actors to publish malicious versions that installed cryptominers.
  • Security Boulevard: OSS in the crosshairs: Cryptomining hacks highlight key new threat
  • 2024 Sonatype Blog: npm packages from Rspack, Vant compromised, blocked by Sonatype
  • www.npmjs.com: npm packages from Rspack, Vant compromised, blocked by Sonatype
  • malware.news: Supply chain attack compromises rspack, Vant packages with XMRig cryptominer
  • securityonline.info: Rspack Supply Chain Attack Injects Cryptojacking Malware Into npm Ecosystem
  • www.scworld.com: Supply chain attack compromises rspack, Vant packages with XMRig cryptominer
  • osint10x.com: Supply Chain Attack Hits Rspack, Vant npm Packages with Monero Miner
  • securityonline.info: Rspack Supply Chain Attack Injects Cryptojacking Malware Into npm Ecosystem
  • Osint10x: Supply Chain Attack Hits Rspack, Vant npm Packages with Monero Miner
  • hackread.com: Supply Chain Attack Hits Popular Rspack and Vant npm Packages with Monero Miner
Classification:
  • HashTags: #SupplyChain #Cryptomining #OpenSource
  • Company: Open Source
  • Target: Open Source Users
  • Product: rspack
  • Feature: Cryptomining Malware
  • Malware: Cryptojacking Malware
  • Type: Malware
  • Severity: Major