Two Banks Hit by Attacks on Open-Source Supply Chain

According to Checkmarx analysts, two unnamed banks have been the victims of attacks on the open-source supply chain in recent months.

Researchers say these are the first incidents of their kind, although the FBI has issued a warning about an increase in the number of attacks on supply chains carried out by other methods.

In February and April of this year, attackers uploaded packages with malicious scripts to npm.

In one of the attacks, the hackers uploaded several infected packages with pre-installed scripts that checked the victim’s operating system. Depending on whether it was Windows, Linux, or macOS, the script decoded the other encrypted files in the package.

These files were then used to download the malware to the target computer, and the hackers moved on to using the Havoc post-exploitation framework, which is able to bypass standard protections such as Windows Defender.

The attackers who uploaded these packages to npm created a fake page on LinkedIn, where they pretended to be an employee of the victim’s bank. Because of this, Checkmarx researchers initially assumed that this might not be an attack at all and that the bank’s own specialists were conducting a pentest.

However, after contacting the financial institution, the researchers were convinced that the bank had not even heard of such software.

Scheme of the first attack
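
One way a defender could screen a package for the pattern seen in the first attack, a script that runs at install time and checks the operating system. This is an added example, not code from Checkmarx or from the packages in the report; it assumes the “pre-installed scripts” are npm lifecycle hooks (`preinstall`, `install`, `postinstall`), and the function names and sample packages are constructed for illustration.

```javascript
// Added example: flag npm packages whose install-time lifecycle hooks run a
// script that fingerprints the operating system. Names are hypothetical.
const INSTALL_HOOKS = ['preinstall', 'install', 'postinstall'];
const OS_CHECKS = [/\bos\.(platform|type)\s*\(/, /\bprocess\.platform\b/];

// Extract file paths that a hook command passes to node, e.g. "node ./setup.js".
function hookTargets(command) {
  const targets = [];
  const re = /\bnode\s+(?:--?\S+\s+)*([^\s;&|]+)/g;
  let m;
  while ((m = re.exec(command)) !== null) targets.push(m[1].replace(/^\.\//, ''));
  return targets;
}

// manifest: parsed package.json; files: map of relative path -> source text.
function auditPackage(manifest, files) {
  const findings = [];
  const scripts = manifest.scripts || {};
  for (const hook of INSTALL_HOOKS) {
    if (typeof scripts[hook] !== 'string') continue;
    const finding = { hook, command: scripts[hook], osFingerprint: [] };
    for (const target of hookTargets(scripts[hook])) {
      const source = files[target];
      if (source === undefined) continue; // hook points at a file we were not given
      if (OS_CHECKS.some((check) => check.test(source))) finding.osFingerprint.push(target);
    }
    findings.push(finding); // any install hook is worth a reviewer's attention
  }
  return findings;
}

// Constructed samples, not taken from the packages described in the report.
const suspicious = {
  manifest: { name: 'example-pkg', version: '1.0.0', scripts: { preinstall: 'node ./index.js' } },
  files: { 'index.js': "const os = require('os');\nif (os.platform() === 'win32') { /* ... */ }" },
};
const benign = {
  manifest: { name: 'plain-pkg', version: '1.0.0', scripts: { test: 'node test.js' } },
  files: { 'test.js': "console.log('ok');" },
};

console.log(JSON.stringify(auditPackage(suspicious.manifest, suspicious.files), null, 2));
console.log(auditPackage(benign.manifest, benign.files).length);
```

A finding with a non-empty `osFingerprint` list is a prompt for manual review of the package, not proof of malice, since legitimate native-module installers also branch on the platform.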

In another incident, hackers targeted a bank’s login page by creating an npm package into which they injected malicious code that “was dormant until prompted to act.” The code was focused on the mobile bank login page.

“The payload demonstrates that an attacker has identified a unique element ID in the HTML code of the login page and designed his code in such a way as to ‘hook’ on a certain element of the login form, quietly intercept the credentials and pass them to a remote server,” the researchers write.

Scheme of the second attack

The malicious packages were removed shortly after they were discovered, but Checkmarx analysts believe that in the future we will see “a steady trend of attacks on the open-source supply chain in the banking sector.”


About the author

Volodymyr Krasnogolovy

I'm a journalist, cybersecurity specialist, content manager, copywriter, and photojournalist. With a deep passion for cybersecurity and a diverse skill set, I'm excited to share my expertise through this blog. From researching the latest threats to crafting engaging narratives and capturing powerful visuals, I strive to provide valuable insights and raise awareness about the importance of cybersecurity.
