Technology

Careful, that jQuery package could be loaded with Trojans

July 9, 2024

Hackers are, once again, targeting software developers through a “complex and persistent” supply chain attack.

Recently, cybersecurity researchers from Phylum discovered a new campaign in which unidentified hackers distributed dozens of malicious libraries on different code repositories, including npm, GitHub, and jsDelivr.

All of these libraries impersonated jQuery, a small, fast and feature-rich JavaScript library designed to simplify the client-side scripting of HTML.

Dozens of packages

With jQuery, it is easier to write JavaScript code, since the library provides different features such as simplified event handling, animations, and Ajax interactions. It allows developers to accomplish complex tasks with fewer lines of code compared to plain JavaScript.

“This attack stands out due to the high variability across packages,” Phylum said. “The attacker has cleverly hidden the malware in the seldom-used ‘end’ function of jQuery, which is internally called by the more popular ‘fadeTo’ function from its animation utilities.”

So far, Phylum identified 68 packages, published between late May and late June this year. Some of the names of the packages include cdnjquery, footersicons, jquertyi, jqueryxxx, logoo, and sytlesheets.

This is not the first time hackers are targeting software developers, and their clients, through weaponized packages. Usually, however, there is a healthy dose of automation in such campaigns, reflected in the way the packages are named, and in the dates they are uploaded. This campaign, on the other hand, seems to be fully manual, since it doesn’t check any of these boxes.

Among the different repositories, PyPI, GitHub, and npm, are most frequently targeted.

PyPI, for example, was forced to suspend new account and new project creation, on multiple occasions, to prevent hackers from uploading large amounts of malicious packages. GitHub, on the other hand, saw hackers upload “millions of repos capable of stealing sensitive information and information cookies” in late February this year.

Via TheHackerNews

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

LEAVE A REPLY Cancel reply

EDITOR PICKS

POPULAR POSTS

QUICK LINKS

ABOUT US

FOLLOW US

Cookie bar