Self-Replicating Worm Hits 180+ Software Packages
krebsonsecurity.com
Self-Replicating Worm Hits 180+ Software Packages – Krebs on Security
At least 187 code packages made available through the JavaScript repository NPM have been infected with a self-replicating worm that steals credentials from developers and publishes those secrets on GitHub, experts warn. The malware, which briefly infected multiple code packages from the security vendor CrowdStrike, steals and publishes even more credentials every time an infected package is installed.
I wonder how this even works out in simple terms, like if a dev finds out that their creds have been stolen and published they would know that their system is compromised, so they have to reinstall the whole system locally? If they just change the password the worm is still there so it will steal the new password as well. But even if they would reinstall the whole system the worm is still somewhere there in the repo and will find its way back again, so what are the mitigations in such a case?