A rather popular Javascript library called UAParser.js was infected with malware by its author Faisal Salman last Friday. The library was hacked and modified with malicious code that downloads and installs a password stealer alongside a cryptocurrency miner on systems with compromised versions.

According to the library’s author, “I believe someone was hijacking my npm account and published some compromised packages which will probably install malware.” Hours after discovering the hack, Salman pulled the compromised versions and replaced them with patched ones.

At the time of writing, the library has had 7,899,915 weekly downloads and is used by some of the biggest Silicon Valley giants.

In the News: Android apps come to Windows 11

Big download numbers equals big threat potential

Further analysis of the malicious code revealed extra scripts that can download and execute binaries from a remote server. These binaries were provided for both Windows and Linux. According to a Github user named KalleOlaviNeimitalo, version 0.7.29 included these scripts. From the command-line arguments, it looks like one of them is a crypto miner, but there’s a good chance that it might just be for camouflage.

Furthermore, these scripts can also download and install a trojan that can export browser cookies, passwords, and OS credentials on Windows systems. This is an infostealer trojan that’s possibly a version of the Danabot malware found by another Github user.

Since the library is used by several big corporations, including Facebook, Apple, Amazon, Microsoft, Slack, IBM, HPE, Dell, Oracle, Mozilla, Shopify, Reddit, and many independent developers in general, even CISA has released a notification regarding the vulnerability. The Github Advisory Database has also documented the malware and assigned it the CWE-506 ID.

As of right now, the compromised versions are 0.7.29, 0.8.0 and 1.0.0, which have been replaced with the following patched versions — 0.7.30, 0.8.1, 1.0.1.

In the News: Twitter Spaces is now available to everyone

Yadullah Abidi

Someone who writes/edits/shoots/hosts all things tech and when he’s not, streams himself racing virtual cars.

You can contact him here: [email protected]

UAParser.js NPM package infected with malware

Big download numbers equals big threat potential

Hello There!

If you like what you read, please support our publication by sharing it with your friends, family and colleagues. We're an ad-supported publication. So, if you're running an Adblocker, we humbly request you to whitelist us.

We may earn a commission if you buy something from a link on this page. Thanks for your support.

You can read our Ethics Statement here.

You can also support our Editorial Team here.

Read more from Candid.Technology

Top 7 alternatives to Airbnb

How to hide and unhide apps on your iPhone?

Top 7 Audible alternatives

Climate-change gases hit new record high: WMO (UN)

How to change the language on Maps in iPhone?

IFA 2018: Acer OJO 500 Windows Mixed Reality headset announced

What is Video TDR Failure? 6 Fixes

Tech Made Simpler