Wave of npm supply chain attacks exposes thousands of enterprise developer credentials

The timing of the Nx compromise coincides with another significant npm supply chain discovery: JFrog announced it had separately uncovered eight malicious packages published on npm, including react-sxt, react-typex, and react-native-control, which contained “highly sophisticated multi-layer obfuscation, with over 70 layers of concealed code.”

“Open-source software repositories have become one of the main entry points for attackers as part of supply chain attacks, with growing waves using typosquatting and masquerading, pretending to be legitimate,” said a blog post by JFrog security researcher Guy Korolevski.

Multiple attack vectors target npm ecosystem

The JFrog-discovered packages targeted Chrome users on Windows with data theft capabilities designed to extract “sensitive Chrome browser data from all user profiles, including passwords, credit card information, cookies, and cryptocurrency wallets.” These packages used numerous evasion techniques including “shadow copy bypass, LSASS impersonation, multiple database access methods, and file-lock circumvention to avoid detection,” according to the JFrog post.
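The packages JFrog describes rely on names that sit next to popular ones (react-sxt, react-typex, react-native-control). One defensive check a team can run over its own manifests is a lookalike scan of dependency names against an allowlist of packages it already trusts. The script below is an added example, not code from the article or from JFrog; the allowlist and the sample `package.json` dependencies are constructed, and a hit is a candidate for manual review, not a verdict.

```javascript
// Added example: flag npm dependency names that resemble well-known packages
// (near-miss spelling or a "known-name-" prefix), for manual review.
// The allowlist and the sample manifest below are constructed for illustration.

// Packages this (hypothetical) project has already vetted.
const KNOWN_GOOD = new Set([
  "react", "react-dom", "react-native", "lodash", "express", "axios",
]);

// Levenshtein edit distance, single-row dynamic programming.
function editDistance(a, b) {
  const prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let diag = prev[0];          // D[i-1][j-1]
    prev[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const tmp = prev[j];       // D[i-1][j]
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      prev[j] = Math.min(prev[j] + 1, prev[j - 1] + 1, diag + cost);
      diag = tmp;
    }
  }
  return prev[b.length];
}

// Returns [{ name, resembles }] for every dependency not on the allowlist that
// is within 2 edits of a known name or extends one with a "-" suffix.
// Longer known names are tried first so "react-native-control" maps to
// "react-native" rather than "react".
function findLookalikes(dependencies, known = KNOWN_GOOD) {
  const ordered = [...known].sort((x, y) => y.length - x.length);
  const findings = [];
  for (const name of Object.keys(dependencies)) {
    if (known.has(name)) continue;
    for (const good of ordered) {
      const nearMiss = editDistance(name, good) <= 2;
      const masquerade = name.startsWith(good + "-");
      if (nearMiss || masquerade) {
        findings.push({ name, resembles: good });
        break;
      }
    }
  }
  return findings;
}

// Constructed sample manifest: the three JFrog-named packages plus a misspelling.
const SAMPLE_PACKAGE_JSON = {
  dependencies: {
    "react": "^18.2.0", "react-dom": "^18.2.0", "react-sxt": "1.0.0",
    "react-typex": "1.0.0", "react-native-control": "1.0.0",
    "lodahs": "4.17.21", "express": "^4.19.2",
  },
};

console.log(findLookalikes(SAMPLE_PACKAGE_JSON.dependencies));
```

Legitimate packages such as react-router will also match the prefix rule; the intended workflow is to review each hit once and then add it to the allowlist.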
