
Popular npm Linter Packages Hijacked via Phishing to Drop Malware
The popular JavaScript linting packages eslint-config-prettier and eslint-plugin-prettier were hijacked this week through a targeted phishing and credential theft attack against the maintainer account. The compromised versions, 8.5.0 and 4.2.0 respectively, were modified to include a script that downloads and executes a malicious executable.

This supply chain attack highlights a structural weakness of the software development ecosystem: trusted packages can be weaponized to distribute malware to every downstream user who installs or updates them. The attack method, phishing followed by credential theft, emphasizes the importance of robust authentication practices and awareness of social engineering tactics.

Developers using these packages are advised to check their systems for any suspicious activity and update to safe versions. Organizations should implement measures such as dependency monitoring, multi-factor authentication (MFA), code signing, and incident response plans to mitigate the risk of such attacks. This incident underscores the critical need for vigilance and proactive security practices in managing software dependencies and securing the software supply chain.
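The first practical check a team can run is whether any lockfile in their repositories pins one of the two package versions named above. The Node script below is an added example written for this page, not code from the article or from the eslint/prettier projects. The package names and version numbers are the ones stated in the article; the lockfile contents are constructed sample data, and the walk over both lockfile layouts (the flat `packages` map of lockfile v2/v3 and the nested `dependencies` tree of v1) is a general implementation rather than something the article describes.

```javascript
// Scan an npm package-lock.json for the compromised package@version pairs
// named in the article. Versions are taken from the article text.
const COMPROMISED = {
  'eslint-config-prettier': new Set(['8.5.0']),
  'eslint-plugin-prettier': new Set(['4.2.0']),
};

// Lockfile v2/v3 keys look like "node_modules/foo" or, for nested installs,
// "node_modules/a/node_modules/@scope/foo". Take the part after the last
// "node_modules/" so scoped names survive intact.
function packageNameFromPath(lockPath) {
  const marker = 'node_modules/';
  const idx = lockPath.lastIndexOf(marker);
  return idx === -1 ? lockPath : lockPath.slice(idx + marker.length);
}

// Recursive walk for lockfile v1, where each entry nests its own dependencies.
function walkV1(deps, prefix, hits) {
  for (const [name, meta] of Object.entries(deps)) {
    const lockPath = `${prefix}/${name}`;
    if (COMPROMISED[name] && COMPROMISED[name].has(meta.version)) {
      hits.push({ name, version: meta.version, path: lockPath });
    }
    if (meta.dependencies) {
      walkV1(meta.dependencies, `${lockPath}/node_modules`, hits);
    }
  }
}

// Returns every occurrence of a compromised version, including copies
// nested under other dependencies, as { name, version, path } records.
function findCompromised(lock) {
  const hits = [];
  if (lock.packages) {
    for (const [lockPath, meta] of Object.entries(lock.packages)) {
      if (lockPath === '') continue; // root project entry, not a dependency
      const name = meta.name || packageNameFromPath(lockPath);
      if (COMPROMISED[name] && COMPROMISED[name].has(meta.version)) {
        hits.push({ name, version: meta.version, path: lockPath });
      }
    }
  } else if (lock.dependencies) {
    walkV1(lock.dependencies, 'node_modules', hits);
  }
  return hits;
}

// Constructed sample lockfile (v3 layout). One direct hit, one nested hit,
// one safe older version, one unrelated package.
const SAMPLE_LOCK = {
  name: 'sample-app',
  lockfileVersion: 3,
  packages: {
    '': { name: 'sample-app', version: '1.0.0' },
    'node_modules/eslint-config-prettier': { version: '8.5.0' },
    'node_modules/eslint-plugin-prettier': { version: '4.1.0' },
    'node_modules/some-tool/node_modules/eslint-plugin-prettier': { version: '4.2.0' },
    'node_modules/prettier': { version: '3.0.0' },
  },
};

// Read a real lockfile from disk and scan it (path is supplied by the caller).
function scanFile(filePath) {
  const fs = require('fs');
  return findCompromised(JSON.parse(fs.readFileSync(filePath, 'utf8')));
}

if (typeof require !== 'undefined' && require.main === module) {
  // Usage: node scan-lock.js [path/to/package-lock.json]; without an
  // argument the constructed sample above is scanned.
  const hits = process.argv[2] ? scanFile(process.argv[2]) : findCompromised(SAMPLE_LOCK);
  for (const h of hits) console.log(`COMPROMISED ${h.name}@${h.version} at ${h.path}`);
  process.exitCode = hits.length ? 1 : 0;
}

module.exports = { findCompromised, packageNameFromPath, SAMPLE_LOCK };
```

Run against the sample, the script reports both the direct `eslint-config-prettier@8.5.0` and the `eslint-plugin-prettier@4.2.0` nested under `some-tool`, while the older 4.1.0 copy is left alone; the non-zero exit code makes it usable as a CI gate. Nested copies matter because `npm ls eslint-plugin-prettier` on the same tree would show the vulnerable version hidden below another dependency, which a glance at package.json alone would miss.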