Over 40 npm packages were compromised in a supply chain attack that injected a malicious bundle.js file to steal developer credentials. The malware trojanizes downstream packages automatically by modifying their package.json files, and it uses TruffleHog to scan the infected machine for GitHub tokens, npm tokens, and AWS credentials. It creates persistent GitHub Actions workflows to exfiltrate the stolen data and runs on both Windows and Linux systems. Separately, a phishing campaign targeting Rust developers uses fake rustfoundation.dev emails to steal GitHub credentials.
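The two persistence points named above, an install-phase script in package.json and an extra GitHub Actions workflow, are both things a repository owner can audit locally. The following script is an added example written for this page, not code from The Hacker News or from any affected project: it walks a checkout or node_modules tree, flags install-phase lifecycle hooks that reference bundle.js, and lists workflow files that are not in the repository's known set. It assumes the injected hook names bundle.js directly (the article only says package.json is modified) and uses constructed sample manifests; the function names are hypothetical.

```python
import json
import tempfile
from pathlib import Path

# Lifecycle hooks npm runs on its own during `npm install`; a command injected
# here executes on every developer machine that installs the package.
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")


def suspicious_scripts(manifest, marker="bundle.js"):
    """Return (hook, command) pairs for install-phase scripts that reference
    the marker file. Assumption: the injected hook names the dropped
    bundle.js directly; the page only says package.json is modified."""
    scripts = manifest.get("scripts") or {}
    if not isinstance(scripts, dict):
        return []
    return [
        (hook, cmd)
        for hook, cmd in scripts.items()
        if hook in INSTALL_HOOKS and isinstance(cmd, str) and marker in cmd
    ]


def scan_manifests(root):
    """Walk root (a checkout or node_modules) and return
    (relative_path, hook, command) for every flagged package.json."""
    root = Path(root)
    findings = []
    for path in root.rglob("package.json"):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip, not a finding
        if not isinstance(manifest, dict):
            continue
        for hook, cmd in suspicious_scripts(manifest):
            findings.append((path.relative_to(root).as_posix(), hook, cmd))
    return sorted(findings)


def unexpected_workflows(root, expected):
    """Return workflow files under .github/workflows that are not in the
    repository's known set; a persistence workflow dropped by the worm
    would show up here for review."""
    wf_dir = Path(root) / ".github" / "workflows"
    if not wf_dir.is_dir():
        return []
    return sorted(p.name for p in wf_dir.iterdir() if p.is_file() and p.name not in expected)


# Constructed sample manifests, not taken from any real package.
CLEAN_MANIFEST = {
    "name": "clean-lib",
    "version": "1.0.0",
    "scripts": {"build": "tsc", "test": "jest"},
}
TROJANIZED_MANIFEST = {
    "name": "trojanized-lib",
    "version": "1.0.1",
    "scripts": {"build": "tsc", "postinstall": "node bundle.js"},
}


def demo():
    """Build a throwaway tree holding both manifests plus one known and one
    unknown workflow, then return (manifest_findings, unknown_workflows)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name, manifest in (("clean-lib", CLEAN_MANIFEST), ("trojanized-lib", TROJANIZED_MANIFEST)):
            pkg = root / "node_modules" / name
            pkg.mkdir(parents=True)
            (pkg / "package.json").write_text(json.dumps(manifest), encoding="utf-8")
        wf = root / ".github" / "workflows"
        wf.mkdir(parents=True)
        (wf / "ci.yml").write_text("name: ci\n", encoding="utf-8")            # known workflow
        (wf / "unexpected.yml").write_text("name: added later\n", encoding="utf-8")  # constructed stray file
        return scan_manifests(root), unexpected_workflows(root, {"ci.yml"})


if __name__ == "__main__":
    manifests, workflows = demo()
    for rel_path, hook, cmd in manifests:
        print(f"FLAG {rel_path}: {hook} -> {cmd}")
    for name in workflows:
        print(f"REVIEW unknown workflow file: {name}")
```

Run it against a real checkout with `scan_manifests(".")` and `unexpected_workflows(".", {...})` filled with the workflow names you actually committed. A hit on an install hook is only a lead: confirm by reading the referenced file, and treat any token that was present on the machine as exposed until rotated.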

Source: thehackernews.com