Malicious Code Found in npm Package @0xengine/xmlrpc
A malicious npm package abused the software supply chain for about a year before being detected.

Researchers from Checkmarx have uncovered a year-long software supply chain attack involving the npm package @0xengine/xmlrpc, which was first published as a benign library and later had malicious code added. That code, introduced in version 1.3.4, is designed to steal sensitive data from infected systems and to mine cryptocurrency on them. The malware collects information such as SSH keys and environment variables and exfiltrates it through services like Dropbox. The package reached victims both through direct npm installation and as a hidden dependency pulled in by legitimate-looking repositories, which is why a one-time audit is not enough and software supply chain security needs ongoing vigilance. Separately, Datadog Security Labs reported a related campaign targeting Windows users with counterfeit packages on npm and PyPI, further underlining the risk that malicious actors pose to developers.
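Because the package could arrive as a transitive ("hidden") dependency rather than a direct install, a practical defender check is to walk the whole lockfile rather than only `package.json`. The following added example is not code from the Checkmarx or Datadog reports; it scans an npm lockfile (the `packages` map of lockfileVersion 2/3, and the nested `dependencies` tree of lockfileVersion 1) for `@0xengine/xmlrpc` at version 1.3.4 or later, flagging whether each hit is direct or transitive. The sample lockfile, the helper package name `some-helper` and its versions are constructed for illustration, and the version comparison is a deliberately simple numeric one that ignores pre-release tags.

```javascript
// Added example: scan an npm lockfile for a package that turned malicious
// from a given version onward, including transitive (hidden) dependencies.
// Package name and first malicious version are taken from the report; the
// sample lockfile below is constructed data, not a real project.
const SUSPECT = "@0xengine/xmlrpc";
const FIRST_BAD_VERSION = "1.3.4";

// Minimal numeric semver compare (ignores pre-release tags): returns -1, 0 or 1.
function compareVersions(a, b) {
  const pa = String(a).split(".").map(Number);
  const pb = String(b).split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const x = pa[i] || 0;
    const y = pb[i] || 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

function makeHit(path, version, firstBad) {
  return {
    path,
    version,
    malicious: compareVersions(version, firstBad) >= 0,
    // More than one "node_modules/" segment means the package was pulled in
    // by another dependency rather than installed directly.
    transitive: path.split("node_modules/").length > 2,
  };
}

// lockfileVersion 1 keeps a nested "dependencies" tree; walk it recursively.
function walkV1(deps, prefix, suspect, firstBad, hits) {
  for (const [name, meta] of Object.entries(deps || {})) {
    const path = `${prefix}node_modules/${name}`;
    if (name === suspect) hits.push(makeHit(path, meta.version, firstBad));
    walkV1(meta.dependencies, `${path}/`, suspect, firstBad, hits);
  }
}

// Returns every occurrence of `suspect` in the lockfile, at any depth.
function findSuspectPackages(lockfile, suspect = SUSPECT, firstBad = FIRST_BAD_VERSION) {
  const hits = [];
  if (lockfile.packages) {
    // lockfileVersion 2/3: keys are install paths such as
    // "node_modules/foo/node_modules/@scope/bar"; the name follows the last "node_modules/".
    for (const [path, meta] of Object.entries(lockfile.packages)) {
      if (path === "") continue; // root project entry
      const marker = "node_modules/";
      const name = path.slice(path.lastIndexOf(marker) + marker.length);
      if (name === suspect) hits.push(makeHit(path, meta.version, firstBad));
    }
  } else {
    walkV1(lockfile.dependencies, "", suspect, firstBad, hits);
  }
  return hits;
}

// Constructed sample: one transitive copy at the malicious version and one
// direct copy pinned before it.
const SAMPLE_LOCKFILE = {
  name: "example-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app", version: "1.0.0", dependencies: { "some-helper": "^2.0.0" } },
    "node_modules/some-helper": { version: "2.1.0", dependencies: { "@0xengine/xmlrpc": "^1.3.0" } },
    "node_modules/some-helper/node_modules/@0xengine/xmlrpc": { version: "1.3.4" },
    "node_modules/@0xengine/xmlrpc": { version: "1.3.2" },
  },
};

for (const hit of findSuspectPackages(SAMPLE_LOCKFILE)) {
  const status = hit.malicious ? "MALICIOUS" : "pre-malicious";
  const how = hit.transitive ? "transitive" : "direct";
  console.log(`${status}: ${hit.path}@${hit.version} (${how})`);
}
```

To use it on a real project, replace `SAMPLE_LOCKFILE` with `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))`; the same walk works for any other package you need to hunt across transitive dependencies by changing `SUSPECT` and `FIRST_BAD_VERSION`.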