Once inside, the threat actor added a post-installation script to the original codebase, which it run a n obfuscated TypeScript, that would check for operating system details and download a Windows batch or Linux bash script.Īccording to a deobfuscated version of the Windows batch script, the compromised packages would download and run a DLL file that, according to Windows Defender, and others, contained a version of the Qakbot trojan. Compromised rc versions: 1.2.9, 1.3.9, 2.3.9.īoth packages were compromised around the same time and were the result of attackers gaining access to a package developer's account.Rc is a configuration loader with ~14.2 million weekly downloads.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |