North Korean Chollima Group Targets PHP Developers via Malicious Packagist Package
By Varshini
Summary
Security researchers discovered obfuscated JavaScript hidden inside a development version of the legitimate Laravel package roberts/leads on Packagist. The malicious code, attributed to the North Korean Chollima Group, was appended to tailwind.js in the dev branch and exposed as an installable dev version. Socket's AI scanner flagged the package after detecting runtime reconstruction of Node.js internals and immediate execution of a decoded staging payload instead of normal Tailwind configuration logic. This supply chain attack targets PHP developers by compromising a trusted package ecosystem.
Key quotes
Socket's AI scanner flagged the version after detecting runtime reconstruction of Node.js internals and immediate execution of a decoded staging payload instead of normal Tailwind configuration logic.
Security researchers discovered obfuscated JavaScript hidden inside a Packagist development version of the legitimate Laravel package roberts/leads.
The malicious code was appended to tailwind.js in the dev branch, drewroberts/feature/test-case.
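The two warning signs in this report are a dependency resolved to a dev branch rather than a tagged release, and a Tailwind config file that decodes and executes a blob at load time instead of just exporting configuration. The following added example (not from Socket or the roberts/leads project) shows a defender-side check for both: it lists dev-pinned packages from a composer.lock and applies simple heuristics to a JS asset. The composer.lock contents, the sample tailwind.js files and the heuristic names are constructed for this example and assumed, not taken from the real package.

```python
import json
import re

# Heuristics for a Tailwind config that has had a staging loader appended:
# a normal tailwind.js ends in `module.exports = {...}` and neither decodes
# blobs at load time nor rebuilds require() from Node internals by hand.
SUSPICIOUS = {
    "base64_decode": re.compile(r"Buffer\.from\([^)]*['\"]base64['\"]\)|atob\("),
    "dynamic_eval": re.compile(r"\beval\(|new Function\(|Function\(['\"]"),
    "require_rebuild": re.compile(
        r"process\.mainModule|module\.constructor\._load|process\.binding\("),
}

def dev_packages(lock_text):
    """Return names of packages in composer.lock resolved to a dev branch (dev-*)."""
    lock = json.loads(lock_text)
    return [p["name"] for section in ("packages", "packages-dev")
            for p in lock.get(section, []) if p["version"].startswith("dev-")]

def scan_js(text):
    """Return the sorted names of heuristics that match the JS text."""
    return sorted(name for name, rx in SUSPICIOUS.items() if rx.search(text))

# Constructed composer.lock: one tagged release and one dev-branch install.
LOCK = json.dumps({"packages": [
    {"name": "laravel/framework", "version": "v11.0.0"},
    {"name": "roberts/leads", "version": "dev-drewroberts/feature/test-case"},
], "packages-dev": []})

# Constructed samples: a benign tailwind.js and the same file with a loader
# appended after the legitimate config (the payload here just logs "1").
CLEAN_JS = ("module.exports = { content: ['./resources/**/*.blade.php'],"
            " theme: { extend: {} } };\n")
TAINTED_JS = CLEAN_JS + (
    "var _r = process.mainModule.require;"
    "var _p = Buffer.from('Y29uc29sZS5sb2coMSk=', 'base64').toString();"
    "new Function(_p)();\n")

if __name__ == "__main__":
    print("dev-pinned packages:", dev_packages(LOCK))
    print("clean tailwind.js:", scan_js(CLEAN_JS))
    print("tainted tailwind.js:", scan_js(TAINTED_JS))
```

A hit on any heuristic in a config or build asset under vendor/ is a reason to diff the installed file against the tagged release, not proof of compromise on its own.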