VMTech

Stealer backdoor in node-ipc (9.1.6, 9.2.3, 12.0.1)


Colleagues, please note a cybersecurity incident: malicious releases were published in the npm package node-ipc.

- According to Socket and StepSecurity, versions 9.1.6, 9.2.3 and 12.0.1 contain an obfuscated stealer/backdoor embedded as an IIFE that executes on require.
- The payload exfiltrates secrets (AWS, GCP, Azure, SSH, Kubernetes, GitHub, Terraform, etc.): it archives them and uploads them to sh.azurestaticprovider[.]net; a DNS-TXT channel is also used.
- The releases were published by the account "atiertant"; 12.0.1 gates activation on the SHA-256 of a target module, while the 9.x releases run universally.

Why it matters: compromise of a popular package endangers the supply chain.

Actions: remove the vulnerable versions, move to 9.2.1/12.0.0, rotate credentials, audit releases and CI, and block egress to the C2.

How do you scan projects for such threats?
#cybersecurity #supplychain #npm #devsecops
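
One way to answer the scanning question for this specific incident is to check lockfiles for the three listed releases, including nested and aliased copies. This is an added example, not code from Socket, StepSecurity or the node-ipc project; the findAffected helper and the sample lockfile are constructed for illustration, and it assumes a parsed npm package-lock.json (lockfileVersion 1, 2 or 3).

```javascript
// Malicious node-ipc releases named in the post above.
const BAD_VERSIONS = new Set(["9.1.6", "9.2.3", "12.0.1"]);
const PKG = "node-ipc";

// Hypothetical helper: returns [{ path, version }] for every node-ipc copy
// pinned to a listed release in a parsed package-lock.json object.
function findAffected(lock) {
  const hits = new Map(); // keyed by install path, so v2 files are not double-counted

  // lockfileVersion 2/3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const name = meta.name || path.split("node_modules/").pop(); // "name" is set for aliases
    if (name === PKG && BAD_VERSIONS.has(meta.version)) hits.set(path, meta.version);
  }

  // lockfileVersion 1 (and the legacy mirror kept in v2): nested "dependencies".
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      if (name === PKG && BAD_VERSIONS.has(meta.version)) hits.set(path, meta.version);
      walk(meta.dependencies, `${path}/`); // transitive copies nested under this package
    }
  };
  walk(lock.dependencies, "");

  return [...hits]
    .map(([path, version]) => ({ path, version }))
    .sort((a, b) => (a.path < b.path ? -1 : 1));
}

// Constructed sample lockfile (not from a real project).
const SAMPLE_LOCK = {
  name: "demo-app", lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/node-ipc": { version: "9.2.1" },
    "node_modules/build-tool": { version: "4.0.0" },
    "node_modules/build-tool/node_modules/node-ipc": { version: "12.0.1" },
    "node_modules/ipc-alias": { name: "node-ipc", version: "9.1.6" },
  },
};

for (const { path, version } of findAffected(SAMPLE_LOCK)) {
  console.log(`AFFECTED node-ipc@${version} at ${path}`);
}
```

To scan a real project, pass the result of JSON.parse on the contents of its package-lock.json to findAffected; an empty array means none of the three listed releases is pinned in that lockfile.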
