Checkmarx cybersecurity researchers discovered an open-source software supply chain campaign targeting the banking industry. The attackers created fake social media accounts to establish false validity alongside malicious software uploads.
In the first attack, the hackers uploaded malicious npm packages to the registry and posed as a bank employee. The threat actor created a fake LinkedIn page to accompany the false identity. If the npm package was launched, the script determined the operating system type and downloaded a second-stage malware package via Azure’s CDN subdomains. The second-stage payload included the open-source command-and-control (C2) framework Havoc. Subsequent attacks from the threat actor utilized a similar strategy, where a malicious npm package would lay dormant until activated.
Read More:
https://thehackernews.com/2023/07/banking-sector-targeted-in-open-source.html