Home>Blog>The Hacker News Headlines>Malicious NPM Package Caught Mimicking Material Tailwind CSS Package
The Hacker News Headlines

Malicious NPM Package Caught Mimicking Material Tailwind CSS Package

Malicious NPM Package

A malicious NPM package has been found masquerading as the
legitimate software library for Material Tailwind, once again
indicating attempts on the part of threat actors to distribute
malicious code in open source software repositories.

Material Tailwind is a CSS-based
framework[1] advertised by its
maintainers as an “easy to use components library for Tailwind CSS
and Material Design.”

“The malicious Material Tailwind npm package, while posing as a
helpful development tool, has an automatic post-install script,”
Karlo Zanki, security researcher at ReversingLabs, said[2]
in a report shared with The Hacker News.

CyberSecurity

This script is engineered to download a password-protected ZIP
archive file that contains a Windows executable capable of running
PowerShell scripts.

The rogue package, named material-tailwindcss[3], has been downloaded 320
times to date, all of which occurred on September 15, 2022.

In a tactic that’s becoming increasingly common, the threat
actor appears to have taken ample care to mimic the functionality
provided by the original package, while stealthily making use of a
post installation script to introduce the malicious features.

This takes the form of a ZIP file retrieved from a remote server
that embeds a Windows binary, which is given the name
“DiagnosticsHub.exe” likely in an attempt to pass off the payload
as a diagnostic utility.

Malicious NPM Package
Code for stage 2 download

Packed within the executable are Powershell code snippets
responsible for command-and-control, communication, process
manipulation, and establishing persistence by means of a scheduled
task.

The typosquatted Material Tailwind module is the latest in a
long[4]
list[5]
of attacks[6]
targeting open source software repositories like npm, PyPI, and
RubyGems in recent years.

CyberSecurity

The attack also serves to highlight the software supply chain as
an attack surface, which has risen in prominence owing to the
cascading impact attackers can have by distributing malicious code
that can wreak havoc across multiple platforms and enterprise
environments in one go.

The supply chain threats have also prompted the U.S. government
to publish a memo directing federal agencies to “use only software
that complies with secure software development standards” and
obtain “self-attestation for all third-party software.”

“Ensuring software integrity is key to protecting Federal
systems from threats and vulnerabilities and reducing overall risk
from cyberattacks,” the White House said[7]
last week.

References

  1. ^
    CSS-based framework
    (www.material-tailwind.com)
  2. ^
    said
    (blog.reversinglabs.com)
  3. ^
    material-tailwindcss
    (www.npmjs.com)
  4. ^
    long
    (thehackernews.com)
  5. ^
    list
    (thehackernews.com)
  6. ^
    attacks
    (thehackernews.com)
  7. ^
    said
    (www.whitehouse.gov)

Read more

Leave a Reply

Powered By Anakyst UK Work done easy Discover Great Places People Websites in Nigeria. Be Discovered and Discover Great Places People Products & Websites in Nigeria. Tell us what you need to advertise online onradio ontv and where you want to advertise and discover talented publishers and advertisers within minutes for just a fraction of the cost!JobScout | Developed By Rara Theme. Powered by WordPress.