Shulou(Shulou.com)06/02 Report--

This article introduces the example analysis of malicious code early warning implanted into JavaScript public library event-stream. The content is very detailed. Interested friends can use it for reference. I hope it will be helpful to you.

0x00 event background

On November 21, 2018, a user named FallingSnow posted a question about the implanted malicious code in github Issuse on event-stream, a well-known JavaScript application library, indicating that there was malicious code in event-stream to steal users' digital wallets.

360-CERT learned from the Issuse that about three months ago, due to lack of time and interest, event-stream 's original author @ dominictarr handed over its development to another programmer named @ Right9ctrl.

Subsequently, Right9ctrl released Event-Stream 3.3.6-Flatmap-Stream0.1.1 with new dependencies.

Where Flatmap-Stream v0.1.1 is the npm package that contains malicious code.

According to analysis, the main function of the malicious code in the package is that it will steal the user's wallet information, including the private key, and send it to port 8080 of copayapi.host. At present, the npm official website has been removed from the shelves.

In the actual production application, event-stream library belongs to a cross-platform application, the impact will be more extensive.

360-CERT recommends that relevant users, especially Internet-related enterprises, should conduct security assessments for their own IDC online environment and office network environment.

0x01 scope of influence

Event-Stream version 3.3.6

This is a very popular JavaScript library, with more than 2 million downloads per week on the npm.org repository.

Malicious dependency has existed undetected for 2.5 months.

This is the example analysis of the malicious code early warning implanted into the JavaScript public library event-stream. I hope the above content can be helpful to you and learn more knowledge. If you think the article is good, you can share it for more people to see.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.