AI Security AI安全 7d ago Updated 7d ago 更新于 7天前 49

North Korea-Linked npm Packages Mimic Rollup Polyfills to Steal Developer Secrets 朝鲜关联的npm包伪装成Rollup Polyfill以窃取开发者机密

North Korea-linked threat actors published malicious npm packages mimicking legitimate Rollup polyfill tools to steal developer secrets and establish remote access. The attack utilizes a multi-stage delivery mechanism, hiding Base64-encoded install commands and fetching encrypted JavaScript payloads from external servers after bypassing sandbox detection. The resulting malware targets sensitive developer environments, harvesting credentials from IDEs (VS Code, Cursor), cloud providers (AWS, Azur 朝鲜关联的黑客组织利用仿冒的 npm 包(如伪装成 Rollup polyfill 工具)窃取开发者敏感数据。 攻击采用多层级结构,通过隐蔽的 Base64 编码命令加载第二阶段恶意软件,最终执行凭证窃取和远程访问控制。 恶意载荷专门针对开发环境,收集 VS Code、Cursor 等编辑器历史及 AWS、Azure 等云配置,并具备键盘鼠标模拟能力。 此类供应链攻击与近期针对 Python (PyPI) 和 DeFi 领域的多个恶意包发布活动同步发生,显示攻击模式的一致性。

75
Hot 热度
70
Quality 质量
65
Impact 影响力

Analysis 深度分析

TL;DR

  • North Korea-linked threat actors published malicious npm packages mimicking legitimate Rollup polyfill tools to steal developer secrets and establish remote access.
  • The attack utilizes a multi-stage delivery mechanism, hiding Base64-encoded install commands and fetching encrypted JavaScript payloads from external servers after bypassing sandbox detection.
  • The resulting malware targets sensitive developer environments, harvesting credentials from IDEs (VS Code, Cursor), cloud providers (AWS, Azure), and cryptocurrency wallets.
  • This campaign is part of a broader trend of supply chain attacks targeting open-source repositories, including recent PyPI and npm incidents involving credential theft and remote control backdoors.

Why It Matters

This incident highlights the escalating sophistication of supply chain attacks targeting the software development lifecycle, specifically exploiting the trust developers place in build tools and dependencies. It underscores the critical need for rigorous dependency auditing and runtime monitoring, as compromised packages can lead to the exfiltration of high-value intellectual property and financial assets. For AI practitioners and developers, it serves as a stark reminder that even utility packages can be weaponized to compromise entire development environments and CI/CD pipelines.

Technical Details

  • Impersonation Strategy: Malicious packages like rollup-packages-polyfill-core and rollup-runtime-polyfill-core closely mimic legitimate rollup-plugin-polyfill-node in naming, description, and metadata to evade quick visual inspection.
  • Multi-Stage Execution: The initial packages trigger the installation of secondary packages (swift-parse-stream, quirky-token) which act as SVG utilities but actually fetch and evaluate JavaScript malware from a JSON Keeper URL.
  • Evasion Techniques: The malware includes environment checks to avoid execution in cloud development environments, sandboxes, and serverless runtimes before proceeding to download an encrypted payload from 216.126.236[.]244.
  • Payload Capabilities: The decrypted loader enables remote access via @nut-tree-fork/nut-js for interactive terminal sessions, screenshot capture, and input simulation, alongside data theft modules targeting browser data, crypto wallets, and specific config files.
  • Targeted Data Collection: Specific attention is given to editor histories from VS Code, Windsurf, and Cursor, as well as configurations for AWS, Azure, Google Gemini, Anthropic Claude, and SSH/Zsh settings.

Industry Insight

  • Enhanced Dependency Vetting: Organizations must implement automated tools that analyze package behavior beyond metadata, specifically checking for obfuscated code, unusual network calls during installation, and discrepancies in package ownership or history.
  • Isolation of Build Environments: To mitigate the risk of credential theft from developer workstations and CI/CD runners, consider isolating build processes in ephemeral, containerized environments with strict network egress controls and limited filesystem access.
  • Supply Chain Monitoring: Given the recurring nature of these attacks across npm and PyPI, continuous monitoring of open-source registries for lookalike packages and rapid response protocols for suspected compromises are essential for maintaining supply chain integrity.

TL;DR

  • 朝鲜关联的黑客组织利用仿冒的 npm 包(如伪装成 Rollup polyfill 工具)窃取开发者敏感数据。
  • 攻击采用多层级结构,通过隐蔽的 Base64 编码命令加载第二阶段恶意软件,最终执行凭证窃取和远程访问控制。
  • 恶意载荷专门针对开发环境,收集 VS Code、Cursor 等编辑器历史及 AWS、Azure 等云配置,并具备键盘鼠标模拟能力。
  • 此类供应链攻击与近期针对 Python (PyPI) 和 DeFi 领域的多个恶意包发布活动同步发生,显示攻击模式的一致性。

为什么值得看

这篇文章揭示了针对软件开发人员的高精度供应链攻击手段,强调了开源包管理器中隐藏后门的风险。对于安全从业者和企业而言,理解这种模仿合法工具元数据并针对特定开发环境(如 CI/CD 和本地工作站)的攻击向量,是完善软件供应链安全策略的关键。

技术解析

  • 伪装与分发:攻击者发布了名为 "rollup-packages-polyfill-core" 和 "rollup-runtime-polyfill-core" 的恶意包,其名称、描述和仓库元数据高度模仿合法的 "rollup-plugin-polyfill-node",以欺骗依赖审查。
  • 多层级加载机制:主包在安装时执行隐蔽代码,触发第二阶段包(如 "swift-parse-stream" 或 "quirky-token")。这些包伪装为 SVG 工具,从 JSONKeeper 获取并执行加密的 JavaScript 载荷。
  • 反分析与执行逻辑:恶意代码首先检测是否运行在云开发环境、沙箱或服务器端运行时中,以规避分析。通过后,它连接外部 C2 服务器 (216.126.236[.]244) 下载解密后的载荷。
  • 功能与目标:载荷利用 "@nut-tree-fork/nut-js" 实现远程桌面控制(键盘、鼠标、截图),并专门扫描并窃取浏览器数据、加密货币钱包、SSH 密钥、AWS/Azure/Gemini/Claude 等 AI 及云工具配置文件以及编辑器历史记录。

行业启示

  • 强化依赖审计:开发者应警惕名称相似但非官方维护的 npm 包,特别是在 CI/CD 流程和本地环境中,需启用严格的依赖锁定和签名验证机制。
  • 最小权限与环境隔离:开发工作站和构建机器应被视为高价值目标,需实施网络隔离和严格的权限管理,防止恶意包访问敏感的配置文件和密钥存储。
  • 关注供应链攻击趋势:鉴于近期 PyPI 和 npm 上出现的多起类似攻击(如 Operation Navy Ghost),行业需加强跨平台的威胁情报共享,并建立针对开源包异常行为的自动化监控体系。

Disclaimer: The above content is generated by AI and is for reference only. 免责声明:以上内容由 AI 生成,仅供参考。

Security 安全 Open Source 开源 Programming 编程