Introduction
Security researchers at Checkmarx have uncovered a new npm supply chain attack involving a malicious package named “jest-fet-mock.” This attack employs typosquatting techniques to target development environments, posing significant risks to software supply chains.
Description
Security researchers at Checkmarx have identified a novel npm supply chain attack involving a malicious package named “jest-fet-mock.” This package employs a typosquatting technique [1] [3], mimicking two legitimate JavaScript testing utilities, “fetch-mock-jest” and “jest-fetch-mock,” by altering ‘fetch’ to ‘fet’ while retaining the key terms ‘jest’ and ‘mock.’ The attack specifically targets development environments, where developers often have elevated privileges and where these packages are commonly used in CI/CD pipelines [2].
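As an added example, not code from Checkmarx or from any of the sources cited on this page, the script below checks the dependency names in a package.json against a trusted list and flags near misses of the kind described above: a small whole-name edit distance, or a name built from the same tokens with one token truncated, substituted or reordered (the ‘fetch’ to ‘fet’ swap). The trusted list, the thresholds and the sample package.json are constructed for the illustration.

```javascript
// Added example (not code from Checkmarx or the page's sources): flag dependency
// names that look like typosquats of packages on an organization's trusted list.
// The trusted list, thresholds and sample package.json are constructed here.

const TRUSTED_PACKAGES = ["jest", "jest-fetch-mock", "fetch-mock-jest", "lodash", "express"];

// Constructed package.json: one devDependency carries the "fetch" -> "fet" swap.
const SAMPLE_PACKAGE_JSON = {
  name: "example-service",
  dependencies: { express: "^4.19.2", lodash: "^4.17.21" },
  devDependencies: { jest: "^29.7.0", "jest-fet-mock": "^1.0.0" },
};

// Levenshtein edit distance with a single rolling row (insert, delete, substitute).
function levenshtein(a, b) {
  const row = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let diagonal = row[0];
    row[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const above = row[j];
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      row[j] = Math.min(above + 1, row[j - 1] + 1, diagonal + cost);
      diagonal = above;
    }
  }
  return row[b.length];
}

// Lowercase name tokens; a scope prefix such as "@org/" is dropped.
function tokens(name) {
  return name.toLowerCase().replace(/^@[^/]+\//, "").split(/[-_.]+/).filter(Boolean);
}

// Compare one dependency name with one trusted name and return the rule that
// fires, or null when the pair looks unrelated.
function compareNames(name, trusted) {
  const a = name.toLowerCase();
  const b = trusted.toLowerCase();
  if (a === b) return null;
  // Whole-name near miss: "jest-fet-mock" is two edits from "jest-fetch-mock".
  if (a.length >= 5 && levenshtein(a, b) <= 2) return "edit-distance";

  const ta = tokens(a);
  const tb = tokens(b);
  if (ta.length < 2 || ta.length !== tb.length) return null;
  // Same tokens in another order ("mock-jest-fetch" vs "fetch-mock-jest").
  if ([...ta].sort().join("-") === [...tb].sort().join("-")) return "token-reorder";
  // All tokens but one shared, and the odd pair is a truncation or a one-edit
  // variant: "fet" against "fetch" in "fetch-mock-jest".
  const onlyA = ta.filter((t) => !tb.includes(t));
  const onlyB = tb.filter((t) => !ta.includes(t));
  if (onlyA.length === 1 && onlyB.length === 1) {
    const [x, y] = [onlyA[0], onlyB[0]];
    if (x.startsWith(y) || y.startsWith(x) || levenshtein(x, y) <= 1) return "token-substitution";
  }
  return null;
}

// All trusted names a dependency resembles; a name that is itself trusted
// returns [] so that legitimate look-alike pairs do not flag each other.
function analyzeName(name, trusted) {
  const lower = name.toLowerCase();
  if (trusted.some((t) => t.toLowerCase() === lower)) return [];
  return trusted
    .map((t) => ({ trusted: t, rule: compareNames(name, t) }))
    .filter((m) => m.rule !== null);
}

// Walk dependencies and devDependencies and collect the suspicious entries.
function auditDependencies(pkg, trusted) {
  const deps = { ...(pkg.dependencies || {}), ...(pkg.devDependencies || {}) };
  return Object.entries(deps)
    .map(([name, version]) => ({ name, version, matches: analyzeName(name, trusted) }))
    .filter((f) => f.matches.length > 0);
}

console.log(JSON.stringify(auditDependencies(SAMPLE_PACKAGE_JSON, TRUSTED_PACKAGES), null, 2));
```

Run against the constructed manifest, the only finding is “jest-fet-mock”, matched to “jest-fetch-mock” by edit distance and to “fetch-mock-jest” by the truncated token. The check is cheap enough to run as a pre-commit or CI gate on lockfile changes; the trusted list should be the packages the organization actually depends on, since the comparison is only meaningful against names a developer is likely to have meant.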
Upon download and execution, the malware activates by calling an Ethereum smart contract to obtain the command-and-control (C2) server address. Because the address is read from the contract at run time, the attackers can change it without altering the malware itself, which complicates defensive measures and keeps communication resilient even if specific C2 servers are blocked. The use of blockchain technology gives attackers significant advantages: its decentralized and immutable nature makes their infrastructure difficult to disrupt [2], and updating the address held by the smart contract lets them retarget C2 quickly.
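As an added example, not code from Checkmarx or from any of the sources cited on this page, the script below scores a package for the two behaviours the description combines: code that runs at install time, and source that resolves infrastructure through Ethereum RPC. The indicator patterns, their weights and both sample packages are constructed here; that the real sample used an npm lifecycle script is an assumption made for the illustration, not something the page states.

```javascript
// Added example (not code from Checkmarx or the page's sources): heuristic scan of
// an npm package's manifest and source for install-time execution and Ethereum-based
// infrastructure lookup. Indicator patterns, weights and both sample packages are
// constructed; that the real sample used a lifecycle script is an assumption.

// Hooks npm runs automatically when the package is installed as a dependency.
const LIFECYCLE_HOOKS = ["preinstall", "install", "postinstall"];

// Source-text indicators: a label, a weight, and the regex that detects it.
const INDICATORS = [
  { label: "ethereum-rpc", weight: 4, pattern: /\beth_call\b|\bJsonRpcProvider\b|\bWeb3\s*\(/ },
  { label: "web3-library", weight: 3, pattern: /require\(['"](ethers|web3)['"]\)|from\s+['"](ethers|web3)['"]/ },
  { label: "contract-address", weight: 2, pattern: /\b0x[0-9a-fA-F]{40}\b/ },
  { label: "process-spawn", weight: 3, pattern: /\bchild_process\b|\bexecSync\s*\(|\bspawn\s*\(/ },
  { label: "dynamic-eval", weight: 3, pattern: /\beval\s*\(|new\s+Function\s*\(/ },
  { label: "outbound-http", weight: 1, pattern: /\bhttps?:\/\/|\bfetch\s*\(|\bhttps?\.request\s*\(/ },
];

// Constructed package resembling the pattern described above: a postinstall hook
// plus source that talks to an Ethereum contract and can spawn processes.
// The contract address is an all-zero placeholder, not a real indicator.
const SUSPICIOUS_PACKAGE = {
  manifest: { name: "jest-fet-mock", version: "1.0.0", scripts: { postinstall: "node index.js" } },
  files: {
    "index.js": [
      "const { ethers } = require('ethers');",
      "const provider = new ethers.JsonRpcProvider(RPC_URL);",
      "const contract = new ethers.Contract('0x0000000000000000000000000000000000000000', abi, provider);",
      "const { execSync } = require('child_process');",
    ].join("\n"),
  },
};

// Constructed benign testing utility: no lifecycle hooks, no network or shell use.
const BENIGN_PACKAGE = {
  manifest: { name: "example-fetch-mock", version: "2.1.0", scripts: { test: "jest" } },
  files: {
    "index.js": "module.exports = (body) => async () => ({ ok: true, json: async () => body });",
  },
};

// Thresholds are constructed for the example and should be tuned on real data.
function verdict(score) {
  if (score >= 10) return "block";
  if (score >= 5) return "review";
  return "allow";
}

// Score a package: lifecycle hooks are weighted highest because they run with
// the installing user's privileges before any code is imported deliberately.
function scanPackage(pkg) {
  const findings = [];
  const scripts = pkg.manifest.scripts || {};
  for (const hook of LIFECYCLE_HOOKS) {
    if (scripts[hook]) {
      findings.push({ label: `lifecycle:${hook}`, weight: 5, where: "package.json", evidence: scripts[hook] });
    }
  }
  for (const [file, source] of Object.entries(pkg.files)) {
    for (const ind of INDICATORS) {
      const match = source.match(ind.pattern);
      if (match) findings.push({ label: ind.label, weight: ind.weight, where: file, evidence: match[0] });
    }
  }
  const score = findings.reduce((sum, f) => sum + f.weight, 0);
  return { name: pkg.manifest.name, score, verdict: verdict(score), findings };
}

for (const pkg of [SUSPICIOUS_PACKAGE, BENIGN_PACKAGE]) {
  const result = scanPackage(pkg);
  console.log(`${result.name}: score=${result.score} verdict=${result.verdict}`);
  for (const f of result.findings) console.log(`  [${f.label}] ${f.where}: ${f.evidence}`);
}
```

The constructed suspicious package scores 17 (block) from the postinstall hook, the ethers import, the JSON-RPC provider, the contract address and the child_process import, while the benign utility scores 0. None of these indicators is malicious on its own; a legitimate wallet library will trip the Ethereum rules, so the score is a triage signal for review rather than a verdict. While a flagged package is under review, installing with `npm install --ignore-scripts` keeps its lifecycle hooks from running.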
The emergence of “jest-fet-mock” underscores the evolving tactics of threat actors in compromising the software supply chain [2]. It highlights the critical need for development teams to strengthen security protocols around package management and to meticulously verify the authenticity of open-source development tools, particularly those that require elevated privileges in sensitive environments.
Conclusion
The discovery of the “jest-fet-mock” package highlights the increasing sophistication of supply chain attacks and the need for robust security measures. Development teams must enhance their security protocols, especially in package management, to prevent such threats. Vigilance in verifying the authenticity of open-source tools is crucial, particularly in environments with elevated privileges [1]. As threat actors continue to evolve their tactics, staying informed and proactive in security practices will be essential to safeguarding software supply chains in the future.
References
[1] https://thecyberwire.com/podcasts/daily-podcast/2183/transcript
[2] https://www.infosecurity-magazine.com/news/supply-chain-attack-smart/
[3] https://www.newsminimalist.com/articles/checkmarx-uncovers-npm-supply-chain-attack-using-ethereum-smart-contracts-adad2cca