Hackers Hijack jQuery: 68 Malicious Packages Uncovered in Latest Supply Chain Attack
Hackers are targeting software developers with a complex supply chain attack. Phylum discovered dozens of malicious libraries impersonating jQuery on npm, GitHub, and jsDelivr, cleverly hiding malware in seldom-used functions.
Hot Take:
Look out, developers! It seems like hackers have decided to play a game of hide-and-seek in your jQuery libraries. If only they could use their skills for good, like making a reliable coffee-fetching bot for those late-night coding sessions.
Key Points:
- Hackers are targeting software developers through a complex supply chain attack.
- Unidentified hackers distributed dozens of malicious libraries on npm, GitHub, and jsDelivr.
- The libraries impersonate jQuery and hide malware in the seldom-used ‘end’ function.
- 68 malicious packages identified so far, suggesting a manual rather than automated approach.
- PyPI and GitHub have previously been forced to take preventive measures against similar attacks.
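One way to check a vendored or installed jQuery copy for the `end` tampering described above. This is an added example, not code from Phylum or the original article; the function names, the constructed samples and the assumed one-statement upstream `end()` body are illustrative assumptions.

```javascript
// Added example: triage the `end` method of a jQuery-like source file.
// Assumption: upstream jQuery's end() is the single statement matched below.
const UPSTREAM_END = /^returnthis\.prevObject\|\|this\.constructor\((null)?\);?$/;
const NETWORK_HINTS = /\b(ajax|fetch|XMLHttpRequest|sendBeacon|WebSocket)\b|https?:\/\//;

// Return the text inside `end: function (...) { ... }`, or null if absent.
// Brace matching ignores braces inside strings, which is fine for triage.
function extractEndBody(source) {
  const m = /\bend\s*:\s*function\s*\([^)]*\)\s*\{/.exec(source);
  if (!m) return null;
  const start = m.index + m[0].length;
  let depth = 1;
  let i = start;
  for (; i < source.length && depth > 0; i++) {
    if (source[i] === "{") depth++;
    else if (source[i] === "}") depth--;
  }
  return depth === 0 ? source.slice(start, i - 1) : null;
}

function auditEnd(source) {
  const body = extractEndBody(source);
  if (body === null) return { verdict: "not-found", reasons: [] };
  const reasons = [];
  // Compare with comments and whitespace removed so formatting does not matter.
  const normalized = body.replace(/\/\*[\s\S]*?\*\/|\/\/.*$/gm, "").replace(/\s+/g, "");
  if (!UPSTREAM_END.test(normalized)) reasons.push("end() body differs from upstream");
  if (NETWORK_HINTS.test(body)) reasons.push("network primitive or URL inside end()");
  return { verdict: reasons.length ? "modified" : "matches-upstream", reasons };
}

// Constructed samples (not taken from any real package).
const CLEAN_SAMPLE = `jQuery.fn = jQuery.prototype = {
  end: function() {
    return this.prevObject || this.constructor();
  },
  append: function() { return this; }
};`;
const TAMPERED_SAMPLE = `jQuery.fn = jQuery.prototype = {
  end: function() {
    if (this.length) { fetch("https://example.invalid/"); }
    return this.prevObject || this.constructor();
  }
};`;

console.log(auditEnd(CLEAN_SAMPLE), auditEnd(TAMPERED_SAMPLE));
```

Pass `auditEnd` the contents of each jQuery file a dependency ships; treat `not-found` as a prompt for manual review, since a rewritten or differently structured file will not match the pattern.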