Post · bonfire.cafe

Cat 🐈🥗 (D.Burch) :paw:⁠:paw:

@catsalad@infosec.exchange · 4 hours ago

A malicious npm package?

You really think someone would go on the internet and do that?

Photo of a very chunky black cat looking at the camera with an incredulous look on its face.

4

Inky says "What the hell?!"

@InkySchwartz@mastodon.social · 3 hours ago

@catsalad I will just patiently sit here and wait for context.

Cat 🐈🥗 (D.Burch) :paw:⁠:paw:

@catsalad@infosec.exchange · 2 hours ago

https://safedep.io/art-template-npm-supply-chain-compromise/

SafeDep - Real-time Open Source Software Supply Chain Security

art-template npm Hijack Delivers iOS Browser Exploit Kit

art-template versions 4.13.3 through 4.13.6 were compromised via maintainer account takeover. The browser bundle injects scripts that deliver a full iOS exploit kit: WebAssembly type confusion, JIT heap spray, ASLR bypass via dyld cache parsing, and 31KB of ARM64 shellcode targeting iPhone and iPad.

@0xabad1dea@infosec.exchange · 4 hours ago

@catsalad what happened this time

Cat 🐈🥗 (D.Burch) :paw:⁠:paw:

@catsalad@infosec.exchange · 2 hours ago

@0xabad1dea Just the daily npm malware (⁠art-template this time)

via @campuscodi

https://mastodon.social/@campuscodi/116611576270340942