Stories
Slash Boxes
Comments

SoylentNews is people

Somebody Tried to Hide a Backdoor in a Popular JavaScript npm Package

posted by janrinok on Thursday May 03 2018, @03:35PM   Printer-friendly

MrPlow writes:

Submitted via IRC for SoyCow8317

The Node Package Manager (npm) team avoided a disaster today when it discovered and blocked the distribution of a cleverly hidden backdoor mechanism inside a popular —albeit deprecated— JavaScript package.

The actual backdoor mechanism was found in "getcookies," a relatively newly created npm package (JavaScript library) for working with browser cookies.

The npm team —who analyzed this package earlier today after reports from the npm community— says "getcookies" contains a complex system for receiving commands from a remote attacker, who could target any JavaScript app that had incorporated this library. The npm team explains:

The backdoor worked by parsing the user-supplied HTTP request.headers, looking for specifically formatted data that provides three different commands to the backdoor. [...] We can see here that the headers are stringified and the result searched for values in the format of: gCOMMANDhDATAi

Source: https://www.bleepingcomputer.com/news/security/somebody-tried-to-hide-a-backdoor-in-a-popular-javascript-npm-package/

Original Submission

 
This discussion has been archived. No new comments can be posted.
Somebody Tried to Hide a Backdoor in a Popular JavaScript npm Package | Log In/Create an Account | Top | 32 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 0) by Anonymous Coward on Friday May 04 2018, @01:43PM

    by Anonymous Coward on Friday May 04 2018, @01:43PM (#675642)

    From the editor-was-too-lazy-to-add-a-dept.-line dept.

    On topic:

    From the code-review-working-as-intended dept.