Phylum is the front-runner in software supply chain attack identification and protection. Across the current digital landscape - where open source is used in 97% of projects and comprises more than 70% of code bases -
⚠️This appears to be an ongoing campaign. Since publication, additional packages have been released tied to this threat actor. See the IOCs below.
On January 12, 2024, Phylum’s automated risk detection platform alerted us to
Back in November, we published a write-up about a collection of npm packages involved in a complex attack chain. These packages, once installed, would download a remote file, decrypt it, execute an exported function from it,
Background
Today’s security breach at Ledger, a leader in cryptocurrency hardware wallets, has raised significant alarms in the digital assets community. The breach was facilitated through a spear phishing attack on a former employee. Apparently,
Determining the intent behind a package publication is notoriously difficult. Is it a legitimate threat actor or a security researcher? We can rarely make this determination, so Phylum generally errs on the side of caution and