Malicious NPM package caught mimicking the Material Tailwind CSS package


A malicious NPM package has been discovered posing as the legitimate software library Material Tailwind, once again showing how threat actors attempt to distribute malicious code through open source software repositories.

Material Tailwind is a CSS-based framework advertised by its maintainers as an “easy-to-use component library for Tailwind CSS and Material Design”.

“The malicious Material Tailwind npm package, while posing as a useful development tool, has an automatic post-installation script,” Karlo Zanki, security researcher at ReversingLabs, said in a report shared with The Hacker News.


This script is designed to download a password-protected ZIP archive file that contains a Windows executable capable of running PowerShell scripts.

The malicious package, named hardware-tailwindcss, has been downloaded 320 times to date, all of which took place on September 15, 2022.

In a tactic that is becoming increasingly common, the threat actor appears to have taken great pains to mimic the functionality provided by the original package, while stealthily using a post-installation script to introduce the malicious functionality.

This takes the form of a ZIP file fetched from a remote server that embeds a Windows binary, which is given the name “DiagnosticsHub.exe” presumably in an effort to pass off the payload as a diagnostic utility.

Figure: code for the step 2 download

The executable contains PowerShell code snippets responsible for command-and-control communication, process manipulation, and establishing persistence through a scheduled task.

The typosquatted Material Tailwind module is the latest in a long list of attacks targeting open source software repositories such as npm, PyPI and RubyGems in recent years.


The attack also serves to highlight the software supply chain as an attack surface, which has grown in prominence due to the cascading impact attackers can have by distributing malicious code that can wreak havoc on multiple platforms and enterprise environments at once.

Supply chain threats also prompted the U.S. government to issue a memo directing federal agencies to “use only software that meets secure software development standards” and obtain “self-attestation for all third-party software”.

“Ensuring software integrity is critical to protecting federal systems against threats and vulnerabilities and reducing the overall risk of cyberattacks,” the White House said last week.
