AI Security AI安全 4h ago Updated 1h ago 更新于 1小时前 49

Multiple Jscrambler Packages Impacted by Supply Chain Attack 多个Jscrambler软件包受供应链攻击影响

A supply chain attack compromised Jscrambler’s NPM package using stolen publishing credentials, resulting in the distribution of malicious versions 8.16 through 8.20. The malware utilized a `preinstall` hook to execute Rust-based binaries that targeted developer environments, stealing credentials, crypto wallets, and AI assistant configurations. Affected downstream packages included Jscrambler-webpack-plugin, gulp-Jscrambler, grunt-Jscrambler, and Jscrambler-metro-plugin, impacting users relying Jscrambler NPM包遭遇供应链攻击,攻击者利用泄露凭证发布含恶意代码的版本(8.16-8.20),导致1,479次下载。 恶意包通过preinstall hook触发感染链,执行Rust编写的二进制文件窃取开发者及云操作员的敏感信息。 窃取的威胁范围广泛,包括凭证、加密货币钱包、AI助手配置、浏览器会话及操作系统密钥环等。 恶意软件具备权限提升、持久化驻留及主机侦察能力,并通过TLS将数据外泄至服务器。 官方已撤销并轮换所有相关凭证,建议用户立即卸载受影响版本并全面扫描系统。

70
Hot 热度
65
Quality 质量
75
Impact 影响力

Analysis 深度分析

TL;DR

  • A supply chain attack compromised Jscrambler’s NPM package using stolen publishing credentials, resulting in the distribution of malicious versions 8.16 through 8.20.
  • The malware utilized a preinstall hook to execute Rust-based binaries that targeted developer environments, stealing credentials, crypto wallets, and AI assistant configurations.
  • Affected downstream packages included Jscrambler-webpack-plugin, gulp-Jscrambler, grunt-Jscrambler, and Jscrambler-metro-plugin, impacting users relying on these dependencies.
  • The malicious binaries performed host reconnaissance, privilege escalation, and exfiltrated data over TLS to remote servers before being deprecated.

Why It Matters

This incident highlights the critical vulnerability of open-source supply chains, where compromise of a single maintainer's credentials can cascade into widespread malware distribution across thousands of dependent projects. It underscores the urgent need for rigorous dependency auditing and credential rotation, particularly for packages that run code during installation phases like preinstall hooks. For AI practitioners, the specific targeting of AI coding assistants and MCP server configurations signals a growing trend of attackers seeking to hijack automated development workflows and sensitive model data.

Technical Details

  • Attack Vector: Compromised NPM publishing credentials allowed attackers to push modified package versions containing a preinstall script hook.
  • Malware Mechanism: The hook executed setup.js, which loaded platform-specific binaries (Linux, macOS, Windows) written in Rust via intro.js.
  • Payload Capabilities: The Rust binaries acted as information stealers, harvesting credentials, secrets, cryptocurrency seed phrases, browser sessions, and configurations for AI coding assistants and MCP servers.
  • Exfiltration: Data was exfiltrated over TLS using rustls to a drop server, and the malware attempted to use stolen credentials to query cloud and orchestration APIs.
  • Impact Scope: The core library infection propagated to four major plugins (webpack, gulp, grunt, metro), affecting approximately 1,479 downloads before remediation.

Industry Insight

  • Organizations must implement strict access controls and multi-factor authentication for all package publishing credentials, treating them with the same security posture as production infrastructure keys.
  • Security tools should prioritize detecting anomalous behavior in preinstall or lifecycle scripts, as these are common vectors for executing arbitrary code during dependency resolution.
  • Developers should regularly audit their dependency trees for known compromised packages and immediately rotate any credentials stored in environments where infected packages were installed, especially those interacting with cloud providers or AI tools.

TL;DR

  • Jscrambler NPM包遭遇供应链攻击,攻击者利用泄露凭证发布含恶意代码的版本(8.16-8.20),导致1,479次下载。
  • 恶意包通过preinstall hook触发感染链,执行Rust编写的二进制文件窃取开发者及云操作员的敏感信息。
  • 窃取的威胁范围广泛,包括凭证、加密货币钱包、AI助手配置、浏览器会话及操作系统密钥环等。
  • 恶意软件具备权限提升、持久化驻留及主机侦察能力,并通过TLS将数据外泄至服务器。
  • 官方已撤销并轮换所有相关凭证,建议用户立即卸载受影响版本并全面扫描系统。

为什么值得看

此次事件揭示了开源生态中依赖包管理的脆弱性,特别是针对开发工具类库的攻击能直接渗透至高权限的开发环境。对于安全从业者和企业而言,这是一次关于供应链信任边界和凭证管理重要性的深刻警示,强调了监控第三方包行为及实施最小权限原则的必要性。

技术解析

  • 攻击向量与传播:攻击者通过获取NPM发布凭证,在7月11日推送了包含preinstall钩子的恶意版本。该钩子在安装过程中自动执行,触发后续恶意载荷的部署,影响了Jscrambler及其多个插件(如webpack、gulp、grunt插件)。
  • 恶意载荷机制:恶意代码包含setup.jsintro.js两个新文件。setup.js负责加载并执行针对Linux、macOS和Windows的平台特定二进制文件。这些二进制文件由Rust编写,旨在进行信息窃取。
  • 窃取目标与功能:恶意软件专门针对开发者机器,窃取内容包括云操作员凭证、加密货币种子短语、AI编码助手及MCP服务器配置、协作应用数据、浏览器Cookie/Session以及Steam会话和OS密钥环。
  • 持久化与外联:除了窃取数据,恶意程序还尝试提升权限以实现持久化驻留,并进行主机侦察。它使用rustls通过TLS协议将窃取的数据外泄至疑似Drop Server,并利用窃取的凭证查询云和编排API。

行业启示

  • 强化供应链安全监控:企业应建立对第三方依赖包的自动化监控机制,特别是针对开发工具和构建脚本,需检测异常的预安装脚本或二进制文件行为。
  • 凭证管理与隔离:必须严格实施凭证轮换策略,并采用最小权限原则限制CI/CD环境和开发工具的访问范围,防止单一凭证泄露导致整个供应链被攻破。
  • 开发者安全意识教育:鉴于攻击目标直指AI助手配置和云凭证,需加强对开发者的安全教育,使其意识到开源包可能成为针对高级威胁(如AI配置窃取)的入口,并及时响应安全公告。

Disclaimer: The above content is generated by AI and is for reference only. 免责声明:以上内容由 AI 生成,仅供参考。

Security 安全 Open Source 开源