Hackers have compromised several popular open source projects trusted by software developers around the world in an ongoing cyber attack.
On Tuesday, cyber security firms stage safety and SafeDep raised warnings about the latest wave of so-called “supply chain” attacks, which aim to compromise developers of popular open source projects and use that access to plant malicious updates that are pushed to users downstream.
According to SafeDep, hackers took over a developer’s account and released more than 630 malicious variants in 317 packages in about 20 minutes. The goal of the attack is to steal credentials for various services, including password managers, as a way to steal data and continue spreading malware.
Among the packages compromised by the hackers was Entv, a library made by Alibaba. In some cases, hackers published malicious updates on GitHub, according to JFrog Security.
This latest wave of attacks is part of a broader campaign targeting open source projects and developers who use the code for their own projects. Researchers have dubbed the hack “Mini Shai-Hulud” because it followed a previous, more widespread hacking campaign.
Last week, in another wave of the Mini Shai-Hulud attacks, hackers tampered with the computers of two OpenAI employees after hacking the open source library TanStack. OpenAI was one of many victims.

