Attacker publishes 14 malicious npm packages in just four hours to steal cloud and CI/CD credentials
The modules imitated legitimate libraries from the @opensearch and @elastic ecosystems, targeting AWS environments, HashiCorp Vault, GitHub Actions and the npm registry itself. The attacker, known as "vpmdhaj", used typosquatting and lookalike names to deceive victims. The packages have since been removed from the registry; the full list is given in the table below.
Further information: Microsoft
| Indicator | Type | Description |
|---|---|---|
| @vpmdhaj/elastic-helper (1.0.7269) | Package | Typosquat – ElasticSearch/OpenSearch helper |
| @vpmdhaj/devops-tools (1.0.7267) | Package | Typosquat – DevOps tools / OpenSearch setup |
| @vpmdhaj/opensearch-setup (1.0.7267) | Package | Typosquat – OpenSearch setup utility |
| @vpmdhaj/search-setup (1.0.7268) | Package | Typosquat – search engine setup |
| opensearch-security-scanner (1.0.10) | Package | Unscoped lookalike – security scanner |
| opensearch-setup (1.0.9103) | Package | Unscoped lookalike – spoofs opensearch-project repo URL |
| opensearch-setup-tool (1.0.9108) | Package | Unscoped lookalike – spoofs opensearch-project repo URL |
| opensearch-config-utility (1.0.9106) | Package | Unscoped lookalike – spoofs opensearch-project repo URL |
| search-engine-setup (1.0.9108) | Package | Unscoped lookalike – spoofs opensearch-project repo URL |
| search-cluster-setup (1.0.9104) | Package | Unscoped lookalike – spoofs opensearch-project repo URL |
| elastic-opensearch-helper (1.0.9108) | Package | Unscoped lookalike – spoofs opensearch-project repo URL |
| vpmdhaj-opensearch-setup (1.0.9102) | Package | Unscoped – author-named OpenSearch setup |
| env-config-manager (2.1.9201) | Package | Typosquat – dotenv-style config manager |
| app-config-utility (1.0.9300) | Package | Typosquat – generic app config utility |