Open Source Package 'Mini Shai-Hulud' Identified as Malware, Affecting Popular Tools

CoinLive
2026.05.20 00:53
A recent alert from crypto influencer @mubeitech has highlighted a significant security issue involving an open-source foundational package that is downloaded 1.1 million times per week. According to PANews, the package has been flagged as known malware, and its supply chain security score has dropped to zero. The malware, named 'Mini Shai-Hulud,' has recently caused widespread infection in open-source code repositories. The affected components include high-frequency tools such as AntV, Alibaba's data visualization suite, with hundreds of packages reportedly injected with malicious code. Other commonly used front-end tools, such as echarts-for-react and timeago.js, have also been compromised. Notably, echarts-for-react alone is installed 1.1 million times per week. The breach originated from the compromise of a regular developer account with the username 'atool,' whose permissions were stolen.