NPM’s Sneaky RAT Attack: How Malicious Updates Crawled into 40,000 Downloads
The NPM package ‘rand-user-agent’ was hijacked by a threat actor who published three malicious versions to deploy a remote access trojan. This classic supply-chain attack leveraged an outdated automation token that lacked two-factor authentication, affecting over 40,000 downloads. Users should revert to version 2.0.82 and check for signs of compromise.

Hot Take:
When life gives you lemons, apparently some folks make remote access trojans! In a plot twist worthy of a Hollywood hacking blockbuster, an NPM package called ‘rand-user-agent’ was hijacked by a threat actor who decided to gift the world with a new RAT (Remote Access Trojan). Whoever thought that generating user-agent strings could lead to a digital horror story? It’s like finding out your grandma’s cookie recipe has been used to make malware. Watch out, developers—there’s a new sheriff in town, and it’s wearing a malicious RAT hat!

Key Points:
- The NPM package ‘rand-user-agent’ was compromised with three malicious versions.
- The attack leveraged an outdated automation token lacking two-factor authentication.
- Malicious versions included a backdoor named Python3127 PATH Hijack.
- Users are advised to revert to the last clean version, 2.0.82.
- WebScrapingAPI is working to close security gaps and ensure transparency.
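
To act on the advice to revert to 2.0.82, the sketch below (an added example, not code from the article or from WebScrapingAPI) lists every copy of ‘rand-user-agent’ recorded in a parsed package-lock.json, including copies nested under other dependencies, and marks any that are not 2.0.82 for review. The article does not list the malicious version numbers, so the non-clean version in the sample data is a constructed placeholder, and the function names and the `review` status are assumptions of this example.

```javascript
// Added example: audit a parsed package-lock.json for rand-user-agent.
const PKG = 'rand-user-agent';
const LAST_CLEAN = '2.0.82'; // last clean version named in the article

// Collect every install of PKG, whatever the lockfile format.
function findInstalls(lock) {
  const hits = [];
  // lockfileVersion 2/3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path.split('node_modules/').pop() === PKG) {
      hits.push({ where: path, version: meta.version });
    }
  }
  // lockfileVersion 1: nested "dependencies" tree (skipped when "packages"
  // exists, because v2 lockfiles carry both and would report duplicates).
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const where = `${trail}node_modules/${name}`;
      if (name === PKG) hits.push({ where, version: meta.version });
      walk(meta.dependencies, `${where}/`);
    }
  };
  if (!lock.packages) walk(lock.dependencies, '');
  return hits;
}

// 'ok' only for the known clean version; anything else needs a human look.
function audit(lock) {
  return findInstalls(lock).map((h) => ({
    ...h,
    status: h.version === LAST_CLEAN ? 'ok' : 'review',
  }));
}

// Constructed sample lockfiles; '0.0.0-constructed' is a placeholder version.
const SAMPLE_V3 = { lockfileVersion: 3, packages: {
  '': { name: 'demo' },
  'node_modules/rand-user-agent': { version: '2.0.82' },
  'node_modules/scraper/node_modules/rand-user-agent': { version: '0.0.0-constructed' },
  'node_modules/other': { version: '1.0.0' },
} };
const SAMPLE_V1 = { lockfileVersion: 1, dependencies: {
  scraper: { version: '1.0.0', dependencies: {
    'rand-user-agent': { version: '0.0.0-constructed' } } },
} };

console.log(audit(SAMPLE_V3), audit(SAMPLE_V1));
```

For a real project, pass `audit` the result of `JSON.parse` on the contents of package-lock.json. A transitive copy flagged `review` will not be fixed by changing your own package.json entry alone.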