Malicious operation identified by Microsoft injects code into over 20 packages in the JavaScript ecosystem to steal access secrets.
Microsoft has identified a new wave of attacks targeting the npm (Node Package Manager) ecosystem, dubbed the Miasma campaign. The malicious operation compromised more than 20 packages, with the primary goal of stealing credentials and access secrets used by programmers during software development.
According to Microsoft, the main targets of this campaign are packages related to the Leo Platform and RStreams. The attackers' tactic consists of poisoning these packages with injected malicious code that, once the package is downloaded and executed in a developer's local environment, starts harvesting sensitive data.
The theft of credentials from development environments poses a significant risk to corporate infrastructure. Authentication secrets taken from developers can give criminals privileged access to critical systems, facilitating lateral movement within corporate networks and the exfiltration of confidential information. Secrets taken from package maintainers, such as publishing tokens, additionally let the attacker push poisoned versions of further packages.
The investigation indicates that the campaign is not limited to the packages already affected. Microsoft reports that the attackers are expanding the scope of the operation to hunt for new package maintainers. This points to a sustained effort to compromise software supply chains by exploiting the trust developers place in open-source libraries.