AI detected potential malware. Plus a bunch of words. Is this a real thing? It does look like all the other npm compromise notes. But the page has AI and potential written on it, so the whole thing may be fabricated, and there are no other comments here.
So on balance I guess I'll ignore it. What a time to be a developer.
Founder of socket.dev here. “AI detected potential malware” is what we call the alerts generated by our automated malware detection engine that runs on all newly published open source packages in real-time. However, these alerts are reviewed by our threat research team and once a human has confirmed the finding, we upgrade it to “Known malware”.
At this point (given we just published research about this) we've upgraded this threat to Known malware.
So in short:
- “AI detected potential malware” = automated system found something suspicious
- “Known malware” = human confirmed it’s real
The wording is intentional because not every automated hit ends up being true malware. It’s better to give developers early visibility into possible threats, even if they turn out to be benign, than to miss a real attack.
socket.dev is a well-known and reputable company, and their founder is pretty well known and trusted too. And looking at their blog post, it looks like they detected a real attack.
To avoid LeftPad 3.0 they're going to have to add some sort of signed capabilities manifest to restrict API access for these narrow domain packages. Then attackers would be limited to targeting those with network privileges.
They're scanning for credentials. If they can get things like AWS credentials, I would expect to see cloud crypto mining as their next move. So it would be a good idea to keep an eye on your infra if you are affected.
Anyone that has production AWS creds in the same operating system they randomly execute unreviewed code on the internet on should have their access revoked.
Nice little Dune reference in there: The malware installs a GitHub action if it finds an access token, and names it 'shai-hulud-workflow.yml'.
Shai Hulud is the Fremen term for the sandworms on Arrakis.
If you think that last week's attack was s1ngularity, that can be related to wormhole, now we get this shai-hulud that is actually a worm. Funny, right? They are similar attacks also. This funny coincidence was described by someone at Aikido Security.
[+] [-] JonChesterfield|5 months ago|reply
[+] [-] feross|5 months ago|reply
[+] [-] seanieb|5 months ago|reply
[+] [-] ATechGuy|5 months ago|reply
[+] [-] kevin_thibedeau|5 months ago|reply
[+] [-] lrvick|5 months ago|reply
[+] [-] jimmyl02|5 months ago|reply
supply chain is and has been the new gold mine for bad actors it seems
[+] [-] seanieb|5 months ago|reply
- Prevent publishing new package versions for 24–48 hours after account credentials are changed.
- Require support for security keys.
[+] [-] lelanthran|5 months ago|reply
NPM has bigger problems - no adults in the room! For example, they've been rejecting signed packages since 2014 or thereabouts?
Expect npm repos to be overflowing with AI-submitted crap that will lower the signal substantially due to not having any sort of identity via signing.
[+] [-] efortis|5 months ago|reply
[+] [-] lrvick|5 months ago|reply
If you do not have time to review a library, then do not use it.
[+] [-] wrs|5 months ago|reply
pnpm refuses to run install scripts from packages you haven’t manually authorized, which helps a bit.
[+] [-] aussieguy1234|5 months ago|reply
[+] [-] lrvick|5 months ago|reply
[+] [-] alex_suzuki|5 months ago|reply
[+] [-] danieldspx|5 months ago|reply