JavaScript package manager: Twilio brandjacking package opens back door

Source: Heise.de, added 3 Nov 2020


Sonatype has discovered an npm package containing malicious code that was published on 30 October. The package, which has since been removed from the registry, used the company name Twilio for brandjacking. It opens a reverse shell on the systems of developers who install it. Three versions of the package appeared within a short time; the first was apparently harmless, and the malicious code was only delivered in the updates.

Alleged Twilio package

The package, named twilio-npm, recorded a total of 371 downloads, probably over the Halloween weekend. The attackers rely on brandjacking: the name suggests that the package is related to the cloud communication platform Twilio, or even that it comes officially from Twilio.

The company is not behind the package, even though its name closely resembles that of the official one: twilio-node is available in version 3.5 and, according to official npm statistics, records over 400,000 weekly downloads. Numerous other legitimate and potentially useful packages for the Twilio platform also exist on npm.

Attack in version steps

Since 30 October, three versions of the brandjacking package have appeared: twilio-npm 10.0, 10.1 and 10.2. The first consists only of the small manifest file package.json, whose install script loads a resource from a subdomain of the reputable provider ngrok. ngrok offers public URLs that some developers use for testing, for example to reach a local web server or to set up a VPN tunnel to the local host behind a firewall.

In Sonatype's tests, version 10.0 produced only an error message saying that a tunnel could not be found. Versions 10.1 and 10.2 replace the postinstall script's curl call to the ngrok server with a call that opens a reverse shell to an external server. The code effectively opens a backdoor that gives attackers remote code execution (RCE), regardless of NAT (Network Address Translation) or a firewall.

The reverse shell is opened from the postinstall section of the package.json file only from version 10.1 onwards.

(Image: Sonatype)

Expect the worst

The open back door offers attackers a wide playground. For this reason, npm's security advisory for the now-confirmed malicious package advises developers to assume that a computer is completely compromised if the package was installed or executed on it. All keys and secrets stored on the system should therefore be treated as known to the attacker and replaced everywhere.

Those affected should of course remove the package from their system. However, that does not mean the computer is free of malicious code, since the attackers could have installed other software via the original package.

Package managers as targets

The latest attack is not an isolated incident. Reports of malicious code in package managers appear again and again. After a significant increase in attacks three years ago, npm introduced additional security features, but these can never provide complete protection. Besides brandjacking, typosquatting is one of the popular attack patterns: packages are given names similar to those of popular packages.

Particular attention was drawn in summer 2017 by the case of hacktask, which, as if from a textbook, had published among other things packages named jquery.js instead of jquery, babelcli instead of babel-cli and ffmepg instead of ffmpeg. Finally, the malicious code in crossenv targeted users of cross-env. In total, npm removed 40 packages from hacktask.

Publishing initially harmless versions and delivering the malicious code in updates is not a new approach either: in 2019 npm discovered such an attack in the electron-native-notify package, which initially looked harmless and later contained code intended to steal cryptocurrency.

npm is not the only target: packages containing malicious code keep appearing in the Python package manager PyPI (Python Package Index) as well.

(rme) 2019

Read the full article at Heise.de
