MICROSOFT has issued an urgent alert about a supply chain attack on the npm registry that targets cloud credentials. An attacker using the handle vpmdhaj published 14 malicious packages whose names typosquat legitimate libraries such as OpenSearch and Elasticsearch, so that developers who mistype or misread a package name install the malicious copy instead. Once installed, the packages execute automatically at install time, without the developer ever importing or running them, and harvest credentials and other sensitive data for cloud services including AWS and HashiCorp Vault.
To defend against these attacks, Microsoft recommends disabling npm installation scripts (so that a package cannot run code merely by being installed), rotating any credentials that may have been exposed, and auditing cloud environments for unusual activity.
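The first of those recommendations can be applied with a one-line npm setting. The following shell script is an added example and not code from Microsoft's advisory: it writes `ignore-scripts=true` into a project's `.npmrc` (a real npm configuration key that suppresses preinstall/install/postinstall hooks for `npm install` and `npm ci`), then scans `node_modules` for dependencies that declare such hooks so they can be reviewed by hand. The helper names (`harden_npmrc`, `has_install_scripts`, `list_install_hooks`) and the sample `package.json` files it builds are constructed for the demonstration; the hook check is a coarse text match on the `scripts` keys, not a full JSON parse.

```shell
#!/bin/sh
# Added example, not part of the Microsoft advisory. Assumes POSIX sh with
# grep, find and mktemp. Sample package.json files below are constructed.
set -eu

# Append ignore-scripts=true to the project's .npmrc so that `npm install`
# and `npm ci` never run preinstall/install/postinstall hooks. Idempotent.
# Prints the path of the .npmrc it wrote.
harden_npmrc() {
    dir=$1
    rc="$dir/.npmrc"
    touch "$rc"
    grep -q '^ignore-scripts=true$' "$rc" || printf 'ignore-scripts=true\n' >> "$rc"
    echo "$rc"
}

# Print "yes" if a package.json declares an install-phase lifecycle script
# (preinstall, install or postinstall), otherwise "no". This is a coarse
# text check on the key names; use jq on .scripts for a strict one.
has_install_scripts() {
    pkg=$1
    if grep -Eq '"(preinstall|install|postinstall)"[[:space:]]*:' "$pkg"; then
        echo yes
    else
        echo no
    fi
}

# List every package.json under node_modules that carries an install hook.
# These are the packages to inspect before re-enabling scripts for them
# (for example with `npm rebuild` and the setting overridden on the command line).
list_install_hooks() {
    root=$1
    find "$root/node_modules" -name package.json 2>/dev/null | sort | while read -r pkg; do
        if [ "$(has_install_scripts "$pkg")" = yes ]; then
            echo "$pkg"
        fi
    done
}

# Demonstration on a constructed project: one benign dependency and one that
# runs code on install, the pattern the typosquatted packages rely on.
demo_dir=$(mktemp -d)
mkdir -p "$demo_dir/node_modules/good-lib" "$demo_dir/node_modules/opensearch-clientt"
printf '{"name":"good-lib","version":"1.0.0","scripts":{"test":"echo ok"}}\n' \
    > "$demo_dir/node_modules/good-lib/package.json"
printf '{"name":"opensearch-clientt","version":"1.0.0","scripts":{"postinstall":"node collect.js"}}\n' \
    > "$demo_dir/node_modules/opensearch-clientt/package.json"

echo "wrote: $(harden_npmrc "$demo_dir")"
echo "packages with install hooks:"
list_install_hooks "$demo_dir"
rm -rf "$demo_dir"
```

Disabling install scripts globally does break legitimate packages that compile native code on install, so the list produced by `list_install_hooks` is the review queue: once a package has been checked, run its build step explicitly rather than turning scripts back on for the whole project.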