Malicious code was found on Friday in three versions of UAParser.js, a very popular NPM package that apps and websites use, among other things, to identify the operating system and browser of a visitor from the User-Agent string. A system that installed one of the compromised versions could expose confidential information to attackers or be taken over outright. In this case, the smuggled-in code was apparently used to install a cryptocurrency miner on the target system.
The developer of UAParser.js, a programmer from Indonesia who publishes his software under the name faisalman, announced in his Gitmemory profile that the software had been modified by malicious code. The UAParser.js website reported nearly 8 million downloads in the past week.
On Friday evening, the US security agency Cybersecurity & Infrastructure Security Agency (CISA) issued a security warning about the incident, referring to the GitHub Advisory Database.
Updates do not guarantee security
The GitHub Advisory Database names three versions of the ua-parser-js package as containing the malicious code: 0.7.29, 0.8.0 and 1.0.0. Anyone who has one of these versions on a system should immediately update to the patched releases (0.7.30, 0.8.1 and 1.0.1 respectively) and examine the system for suspicious behavior. According to the warning in the database, a system on which the malicious package was installed should be treated as fully compromised and any secrets and keys stored on it rotated from a different machine: even after the malicious package has been removed, there is no guarantee that all damage done during its temporary presence has been undone.
The NPM platform has been part of GitHub, the world's largest repository of developer projects, since early 2020. Microsoft bought GitHub in 2018 for around $7.5 billion, so when GitHub took over the package manager in 2020, NPM became Microsoft property as well. GitHub CEO Nat Friedman stated after the takeover that Microsoft had come into possession of the "largest developer ecosystem in the world". The service comprises well over a million packages and records around 75 billion downloads per month by around 12 million developers.