Three malicious versions of node-ipc (9.1.6, 9.2.3, 12.0.1) were published via a compromised npm account and contain an active credential-harvesting backdoor targeting 90 secret categories including AWS, Azure, GCP, GitHub, Kubernetes, and SSH credentials. The payload uses dual-channel exfiltration over HTTPS and DNS TXT queries and evades standard lifecycle-hook monitoring by embedding directly in the package core module. Any organization with node-ipc or vue-cli in its dependency tree should treat affected build environments as compromised.
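As an added example (not part of the original advisory), the following sketch checks a parsed `package-lock.json` for the three node-ipc versions listed above, including copies pulled in transitively. The function name, the sample lockfiles and the `example-cli` package are constructed for illustration.

```javascript
// Versions named in the advisory above.
const BAD_VERSIONS = new Set(['9.1.6', '9.2.3', '12.0.1']);

// Return every node-ipc entry in a parsed package-lock.json pinned to a listed
// version. v2/v3 lockfiles use a flat "packages" map keyed by install path;
// v1 lockfiles use a nested "dependencies" tree keyed by package name.
function findAffectedNodeIpc(lock) {
  const hits = [];
  const check = (name, path, meta) => {
    if (name === 'node-ipc' && BAD_VERSIONS.has(meta.version)) {
      hits.push({ path, version: meta.version });
    }
  };
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // Key looks like "node_modules/a/node_modules/node-ipc"; "name" is set for aliases.
    check(meta.name || path.split('node_modules/').pop(), path, meta);
  }
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      check(name, trail.concat(name).join(' > '), meta);
      walk(meta.dependencies, trail.concat(name));
    }
  };
  // v2 lockfiles carry both layouts; walk the tree only when "packages" is absent.
  if (!lock.packages) walk(lock.dependencies, []);
  return hits;
}

// Constructed sample lockfiles (package names other than node-ipc are made up).
const SAMPLE_V3 = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/node-ipc': { version: '9.2.1' }, // not on the list
    'node_modules/example-cli': { version: '5.0.0' },
    'node_modules/example-cli/node_modules/node-ipc': { version: '9.2.3' },
  },
};
const SAMPLE_V1 = {
  lockfileVersion: 1,
  dependencies: {
    'example-cli': {
      version: '5.0.0',
      dependencies: { 'node-ipc': { version: '12.0.1' } },
    },
  },
};
console.log(findAffectedNodeIpc(SAMPLE_V3), findAffectedNodeIpc(SAMPLE_V1));
```

To check a real project, pass the result of `JSON.parse` on the contents of its `package-lock.json`. A lockfile only shows what is pinned now, so an empty result does not rule out that a listed version was installed in an earlier build.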

Author

Tech Jacks Solutions