Dozens of Red Hat packages backdoored through its official NPM channel
Summary
Hackers took control of official Red Hat accounts on the npm software repository and added malware to more than 30 software packages. This malware steals sensitive data like access tokens and spreads itself by pushing infected packages to other accounts. Red Hat removed the harmful packages and said no customers or production systems were affected.
Key Facts
- Over 30 Red Hat packages on npm were infected with malware called Shai-Hulud.
- The malware runs during package installation, before the installed software is ever used.
- It steals sensitive credentials, including GitHub secrets, npm tokens, and cloud service keys.
- The malware spreads by republishing infected packages to other accounts accessible from the infected machine.
- Researchers believe the attack came from compromising Red Hat’s internal Continuous Integration/Continuous Delivery (CI/CD) system.
- Red Hat stated the infected packages were only used internally and did not reach customers.
- Most malicious packages were removed shortly after discovery.
- The malware was linked to a group called TeamPCP, which encourages competition among attackers to carry out large-scale supply-chain attacks.
This is a fact-based summary from The Actual News.