Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

Careful, that jQuery package could be loaded with Trojans

A white padlock on a dark digital background.

Hackers are, once again, targeting software developers through a “complex and persistent” supply chain attack.

Recently, cybersecurity researchers from Phylum discovered a new campaign in which unidentified hackers distributed dozens of malicious libraries on different code repositories, including npm, GitHub, and jsDelivr.

All of these libraries impersonated jQuery, a small, fast and feature-rich JavaScript library designed to simplify the client-side scripting of HTML. 

Dozens of packages

With jQuery, it is easier to write JavaScript code, since the library provides different features such as simplified event handling, animations, and Ajax interactions. It allows developers to accomplish complex tasks with fewer lines of code compared to plain JavaScript.

"This attack stands out due to the high variability across packages," Phylum said. "The attacker has cleverly hidden the malware in the seldom-used 'end' function of jQuery, which is internally called by the more popular 'fadeTo' function from its animation utilities."

So far, Phylum identified 68 packages, published between late May and late June this year. Some of the names of the packages include cdnjquery, footersicons, jquertyi, jqueryxxx, logoo, and sytlesheets.

This is not the first time hackers are targeting software developers, and their clients, through weaponized packages. Usually, however, there is a healthy dose of automation in such campaigns, reflected in the way the packages are named, and in the dates they are uploaded. This campaign, on the other hand, seems to be fully manual, since it doesn’t check any of these boxes.

Among the different repositories, PyPI, GitHub, and npm, are most frequently targeted. 

PyPI, for example, was forced to suspend new account and new project creation, on multiple occasions, to prevent hackers from uploading large amounts of malicious packages. GitHub, on the other hand, saw hackers upload “millions of repos capable of stealing sensitive information and information cookies” in late February this year.

Via TheHackerNews

More from TechRadar Pro

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.