Supply chain attack spreads trojanized jQuery packages

Up to 68 malicious versions of jQuery have been distributed across GitHub, npm, and jsDelivr as part of a sophisticated supply chain intrusion, The Hacker News reports.

The trojanized jQuery packages have been published since late May. Naming variations, the presence of personal files, and a prolonged uploading period suggest they may have been assembled manually. According to a Phylum report, malware was integrated into the library's rarely used "end" function, where it enabled exfiltration of website form data to a remote URL. Researchers also found that jsDelivr URLs for the GitHub-hosted files were generated automatically, without any explicit upload to the CDN. "This is likely an attempt by the attacker to make the source look more legitimate or to sneak through firewalls by using jsDelivr instead of loading the code directly from GitHub itself," said Phylum. These findings follow Datadog's discovery of several Python Package Index packages with second-stage binary deployment capabilities.
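As an added illustration (not code from Phylum, The Hacker News, or the jQuery project), the following Node.js check extracts the `end` method from a vendored jQuery file and flags any body that differs from the one-line upstream return. The upstream body strings, function names, indicator list, and sample inputs are assumptions constructed for this example.

```javascript
// Added example: audit the `end` method of a vendored jQuery copy.
// Assumption: upstream end() is a single return statement (3.x form, plus the
// older `constructor(null)` form). Confirm against the release you pin.
const UPSTREAM_END = new Set([
  "returnthis.prevObject||this.constructor()",
  "returnthis.prevObject||this.constructor(null)",
]);

// Tokens that have no place in a traversal helper (hypothetical starter list).
const INDICATORS = [
  ["ajax", /\bajax\b/],
  ["fetch", /\bfetch\s*\(/],
  ["xhr", /XMLHttpRequest/],
  ["beacon", /sendBeacon/],
  ["serialize", /\bserialize(Array)?\b/],
  ["url", /https?:\/\//],
];

// Return the source text between the braces of `end: function() { ... }`.
// Brace counting does not skip string literals; adequate for triage.
function extractEndBody(src) {
  const m = /\bend\s*:\s*function\s*\(\s*\)\s*\{/.exec(src);
  if (!m) return null;
  const start = m.index + m[0].length;
  let depth = 1;
  for (let i = start; i < src.length; i++) {
    if (src[i] === "{") depth++;
    else if (src[i] === "}" && --depth === 0) return src.slice(start, i);
  }
  return null; // unbalanced braces
}

// Compare the whitespace-normalized body with the expected upstream forms.
function auditEnd(src) {
  const body = extractEndBody(src);
  if (body === null) return { verdict: "missing", indicators: [] };
  const norm = body.replace(/\s+/g, "").replace(/;+$/, "");
  const indicators = INDICATORS.filter(([, re]) => re.test(body)).map(([n]) => n);
  return { verdict: UPSTREAM_END.has(norm) ? "clean" : "modified", indicators };
}

// Constructed samples, not taken from any real package.
const CLEAN = "jQuery.fn = {\n end: function() {\n  return this.prevObject || this.constructor();\n },\n};";
const TAMPERED = "jQuery.fn = {\n end: function() {\n  fetch(\"https://example.invalid/\");\n" +
  "  return this.prevObject || this.constructor();\n },\n};";

console.log(auditEnd(CLEAN), auditEnd(TAMPERED));
```

A "modified" verdict is a prompt to diff the file against the official release, not proof of compromise; the check works on minified builds as well because whitespace is stripped before comparison.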
