A rather popular Javascript library called UAParser.js was infected with malware by its author Faisal Salman last Friday. The library was hacked and modified with malicious code that downloads and installs a password stealer alongside a cryptocurrency miner on systems with compromised versions.

According to the library’s author, “I believe someone was hijacking my npm account and published some compromised packages which will probably install malware.” Hours after discovering the hack, Salman pulled the compromised versions and replaced them with patched ones. 

At the time of writing, the library has had 7,899,915 weekly downloads and is used by some of the biggest Silicon Valley giants. 

In the News: Android apps come to Windows 11

Big download numbers equals big threat potential

Further analysis of the malicious code revealed extra scripts that can download and execute binaries from a remote server. These binaries were provided for both Windows and Linux. According to a Github user named KalleOlaviNeimitalo, version 0.7.29 included these scripts. From the command-line arguments, it looks like one of them is a crypto miner, but there’s a good chance that it might just be for camouflage. 

Furthermore, these scripts can also download and install a trojan that can export browser cookies, passwords, and OS credentials on Windows systems. This is an infostealer trojan that’s possibly a version of the Danabot malware found by another Github user. 

Since the library is used by several big corporations, including Facebook, Apple, Amazon, Microsoft, Slack, IBM, HPE, Dell, Oracle, Mozilla, Shopify, Reddit, and many independent developers in general, even CISA has released a notification regarding the vulnerability. The Github Advisory Database has also documented the malware and assigned it the CWE-506 ID.

As of right now, the compromised versions are 0.7.29, 0.8.0 and 1.0.0, which have been replaced with the following patched versions — 0.7.30, 0.8.1, 1.0.1.

In the News: Twitter Spaces is now available to everyone

Yadullah Abidi

Someone who writes/edits/shoots/hosts all things tech and when he’s not, streams himself racing virtual cars. You can reach out to Yadullah at [email protected], or follow him on Instagram or Twitter.

Hello There!

If you like what you read, please support our publication by sharing it with your friends, family and colleagues. We're an ad-supported publication. So, if you're running an Adblocker, we humbly request you to whitelist us.

You can read our Ethics Statement for more information on how our Editorial Team operates.

You can also support our Editorial Team here.

Share on facebook

Share on whatsapp

Share on twitter

Share on reddit

Share on linkedin

Share on pocket

Share on pinterest

Share on telegram

Share on stumbleupon

Share on digg

Share on tumblr

Share on email

Share on skype

Share on xing

Share on vk

Share on odnoklassniki

Share on mix

Read more from Candid.Technology

How to check data usage on your iPhone and iPad?

Prayank 7:00 pm IST | September 25, 2020

JBL Endurance Dive review: Sporty, swim and pocket friendly

IANS 11:30 pm IST | October 30, 2018

How to check the Battery Health on iPad?

Aryan 4:00 am IST | January 29, 2021

How to enable split screen and multitask on Android 9 Pie, Oreo and Nougat

Kumar Hemant 7:30 pm IST | May 20, 2019

Twitch Prime rebranded as Prime Gaming; available in over 200 countries

Prayank 1:40 pm IST | August 11, 2020

Top 7 audio editing software for PC

Sara 2:00 pm IST | July 23, 2020

What is ACPI Power States?

Yadullah Abidi 11:00 pm IST | January 2, 2020

What are Torrents? A beginner’s guide: Everything you need to know

Akshaya R 12:00 pm IST | December 19, 2018

Top 7 running apps for Android

Sara 5:00 pm IST | March 8, 2021

More

No more posts to show