Tech »  Topic »  Popular Scraping Tool’s NPM Package Compromised in Supply Chain Attack

Popular Scraping Tool’s NPM Package Compromised in Supply Chain Attack

4 days, 2 hours ago   securityweek

A threat actor published three malicious versions of the popular NPM package ‘rand-user-agent’ to deploy and activate a remote access trojan (RAT) on users’ systems.

A Node.js package that has been deprecated, rand-user-agent generates randomized user-agent strings based on occurrence. It was originally built as a functionality tool for Romanian software development firm WebScrapingAPI, but can be integrated into any node.js project for web scraping.

The package still has over 40,000 weekly downloads, but hasn’t been updated for over seven months, and a threat actor took advantage of this to push versions injected with malicious code.

While the project’s GitHub repository has remained unchanged, showing the latest clean version, 2.0.82, the threat actor published the malicious updates to the NPM registry, as versions 2.0.83, 1.0.110, and 2.0.84, explains Aikido, which first detected the suspicious code.

The malicious ...


Copyright of this story solely belongs to securityweek . To see the full text click HERE