Malicious npm Packages Targeting Strapi CMS Deploy Backdoors and Harvest Credentials
Cybersecurity researchers have uncovered 36 malicious packages in the npm registry masquerading as **Strapi CMS** plugins. These packages contain malicious payloads designed to exploit **Redis** and **PostgreSQL** databases, deploy reverse shells, harvest credentials, and establish persistent implants.

**SafeDep** reported that, "Every package contains three files (package.json, index.js, postinstall.js), has no description, repository, or homepage, and uses version 3.6.8 to appear as a mature Strapi v3 community plugin."
### Disguised as Legitimate Plugins
The malicious packages follow a naming convention: "strapi-plugin-" followed by terms like "cron," "database," or "server." The names are intended to deceive developers into downloading them. Official Strapi plugins, by contrast, are scoped under "@strapi/".
These packages were uploaded by four sock puppet accounts: "umarbek1233," "kekylf12," "tikeqemif26," and "umar_bektembiev1" over a 13-hour period. The identified packages include:
* strapi-plugin-cron
* strapi-plugin-config
* strapi-plugin-server
* strapi-plugin-database
* strapi-plugin-core
* strapi-plugin-hooks
* strapi-plugin-monitor
* strapi-plugin-events
* strapi-plugin-logger
* strapi-plugin-health
* strapi-plugin-sync
* strapi-plugin-seed
* strapi-plugin-locale
* strapi-plugin-form
* strapi-plugin-notify
* strapi-plugin-api
* strapi-plugin-sitemap-gen
* strapi-plugin-nordica-tools
* strapi-plugin-nordica-sync
* strapi-plugin-nordica-cms
* strapi-plugin-nordica-api
* strapi-plugin-nordica-recon
* strapi-plugin-nordica-stage
* strapi-plugin-nordica-vhost
* strapi-plugin-nordica-deep
* strapi-plugin-nordica-lite
* strapi-plugin-nordica
* strapi-plugin-finseven
* strapi-plugin-hextest
* strapi-plugin-cms-tools
* strapi-plugin-content-sync
* strapi-plugin-debug-tools
* strapi-plugin-health-check
* strapi-plugin-guardarian-ext
* strapi-plugin-advanced-uuid
* strapi-plugin-blurhash
### Malicious Code Execution
The malicious code is embedded within the `postinstall` script hook. This script executes automatically during the "npm install" process, without requiring user interaction. It runs with the privileges of the installing user, potentially abusing root access in CI/CD environments and **Docker** containers.
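The traits SafeDep lists above (unscoped "strapi-plugin-" name, an install hook, no description/repository/homepage, version 3.6.8) can be turned into a triage check over the `package.json` manifests found in a project's `node_modules`. The following is an added example, not code from SafeDep or Strapi; the function names, the threshold, and the sample manifests are assumptions made for illustration.

```javascript
// Added example: heuristics derived from the package traits described above.
// Function names and the threshold are illustrative assumptions.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];

function triageManifest(pkg) {
  const reasons = [];
  const name = pkg.name || "";
  // Official Strapi plugins are scoped under @strapi/; the lookalikes are unscoped.
  if (name.startsWith("strapi-plugin-")) reasons.push("unscoped strapi-plugin- name");
  // Lifecycle hooks run automatically during `npm install`.
  const hooks = INSTALL_HOOKS.filter((h) => pkg.scripts && pkg.scripts[h]);
  if (hooks.length) reasons.push("install hook: " + hooks.join(","));
  // The reported packages carried no description, repository or homepage.
  const missing = ["description", "repository", "homepage"].filter((k) => !pkg[k]);
  if (missing.length === 3) reasons.push("no description/repository/homepage");
  if (pkg.version === "3.6.8") reasons.push("version 3.6.8");
  return reasons;
}

// Flag a package only when several signals line up, and always require an
// install hook, since that is the execution vector. The name prefix or the
// version alone is a weak signal.
function flagSuspicious(manifests, threshold = 3) {
  return manifests
    .map((pkg) => ({ name: pkg.name, reasons: triageManifest(pkg) }))
    .filter((r) => r.reasons.length >= threshold &&
                   r.reasons.some((x) => x.startsWith("install hook")));
}

// Constructed sample manifests (not real registry data).
const SAMPLE = [
  { name: "strapi-plugin-example-lookalike", version: "3.6.8",
    scripts: { postinstall: "node postinstall.js" } },
  { name: "@strapi/plugin-example", version: "4.0.0", description: "scoped plugin",
    repository: "example", homepage: "example" },
  { name: "strapi-plugin-community-thing", version: "3.6.8",
    description: "A documented community plugin",
    repository: "example", homepage: "example" },
  { name: "native-addon", version: "1.2.0", description: "builds a binding",
    repository: "example", scripts: { install: "node-gyp rebuild" } },
];

for (const hit of flagSuspicious(SAMPLE)) {
  console.log(hit.name + ": " + hit.reasons.join("; "));
}
```

Installing with `npm install --ignore-scripts`, or setting `ignore-scripts=true` in `.npmrc`, stops lifecycle hooks such as `postinstall` from running at install time.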
### Payload Evolution
The payloads evolved throughout the campaign:
1. **Redis Exploitation:** Weaponizing locally accessible Redis instances for remote code execution by injecting a crontab entry. This downloads and executes a shell script from a remote server, writing a PHP web shell and Node.js reverse shell via SSH to Strapi's public uploads directory. It also attempts to scan the disk for secrets like **Elasticsearch** and cryptocurrency wallet seed phrases, and exfiltrate a **Guardarian** API module.
2. **Docker Escape and Reverse Shells:** Combining Redis exploitation with Docker container escape to write shell payloads to the host. It launches a direct Python reverse shell and writes a reverse shell trigger into the application's node_modules directory via Redis.
3. **Reverse Shell Deployment:** Deploying a reverse shell and writing a shell downloader via Redis.
4. **Credential Harvesting:** Scanning the system for environment variables and PostgreSQL database connection strings.
5. **Expanded Reconnaissance:** Collecting environment dumps and Strapi configurations, extracting Redis databases, mapping network topology, and gathering Docker/Kubernetes secrets, cryptographic keys, and cryptocurrency wallet files.
6. **PostgreSQL Exploitation:** Connecting to the target's PostgreSQL database using hard-coded credentials and querying Strapi-specific tables for secrets. It also dumps cryptocurrency-related patterns and attempts to connect to six Guardarian databases.
7. **Persistent Implant:** Deploying a persistent implant to maintain remote access to a specific hostname ("prod-strapi").
8. **Credential Theft:** Facilitating credential theft by scanning hard-coded paths and spawning a persistent reverse shell.
SafeDep stated, "The eight payloads show a clear narrative: the attacker started aggressively (Redis RCE, Docker escape), found those approaches weren't working, pivoted to reconnaissance and data collection, used hardcoded credentials for direct database access, and finally settled on persistent access with targeted credential theft."
### Targeted Attack?
The nature of the payloads, the focus on digital assets, and the use of hard-coded database credentials and hostname suggest a targeted attack against a cryptocurrency platform. Users who have installed any of the listed packages should assume compromise and rotate all credentials.
### Recent Supply Chain Attacks
This discovery coincides with a surge in supply chain attacks targeting the open-source ecosystem:
* A **GitHub** account named "ezmtebo" submitted over 256 pull requests containing a credential exfiltration payload, stealing secrets through CI logs and PR comments.
* The "dev-protocol" GitHub organization was hijacked to distribute malicious **Polymarket** trading bots with typosquatted npm dependencies that steal wallet private keys and open an SSH backdoor.
* The **Emacs** package "kubernetes-el/kubernetes-el" was compromised, exploiting the Pwn Request vulnerability in its GitHub Actions workflow to steal the repository's GITHUB_TOKEN and inject destructive code.
* The "xygeni/xygeni-action" GitHub Actions workflow was compromised using stolen maintainer credentials to plant a reverse shell backdoor. **Xygeni** has since implemented new security controls.
* The npm package "mgc" was compromised via account takeover to push malicious versions containing a dropper script that fetches platform-specific payloads: a Python trojan for Linux and a PowerShell variant for Windows. This attack shares overlap with the recent supply chain attack targeting **Axios**, attributed to **UNC1069**.
* A malicious npm package named "express-session-js" typosquats "express-session" and contains a dropper that retrieves a remote access trojan (RAT).
* The **PyPI** package "bittensor-wallet" (version 4.0.2) was compromised to deploy a backdoor that exfiltrates wallet keys.
* A malicious npm package named "@azure/service-bus-node" contains a dropper that retrieves a RAT from JSON Keeper to conduct data theft and persistent access by connecting to "216.126.237[.]71" using the Socket.IO library.