electron-native-notify

Incident Summary

electron-native-notify NPM package adds remote backdoor

The electron-native-notify package was compromised with code that opened a reverse shell to the attacker's server. Because the package sat beneath Electron applications, including the Agama cryptocurrency wallet, the backdoor moved transitively; a small notification dependency became the hidden wire into larger desktop software.

Date: 2018-08-01
Category: Open Source
Target Surface: Package registry
Insertion Phase: distribution
Impact: Backdoor
Cause: Compromised Account/Credentials

What Was Affected

Package electron-native-notify

LanguageJavascript

ComponentLibrary

Artifact typesource archive

Domain typepackage host

Domain npmjs.org

Repository github.com/calvinwyoung/electron-native-notify

Compromised Versions

1.1.6

Incident Context

Motive: Unauthorized Access/Control
Attribution: Individual Hacker
Transitive: Yes
Observed Duration: 0 days

Evidence

Compromised Artifacts

registry.npmjs.org/electron-native-notify/-/electron-native-notify-1.1.6.tgz

Current Artifacts and Analysis

Indicators and Changes

Hashes

sha256:07f16d95f3c91dbd2ddf974d4b95d8dcec39b09b8906fa3b35e0a0da78fe8f76

External References

Source Data

Source record: oss/electron-native-notify/meta.yaml