mailparser - isotope¹³

← Supply-Chain Attack Compendium

Incident Summary

mailparser NPM package compromised downloads executes binary

The maintainer's npm account for mailparser was compromised, and malicious version 0.1.2 was published to the registry. Its install path attempted to download and execute an OS-specific binary from an external server, but the package was removed within an hour and saw fewer than 100 downloads.

Date: 2019-03-12
Category: Open Source
Target Surface: Package registry
Insertion Phase: distribution
Impact: Backdoor
Cause: Compromised Account/Credentials

What Was Affected

Package mailparser

LanguageJavascript

ComponentLibrary

Artifact typesource archive

Domain typepackage host

Domain npmjs.org

Repository github.com/mailparser-legacy/mailparser

Compromised Versions

0.1.2

Incident Context

Motive: Unauthorized Access/Control
Attribution: Individual Hacker
Transitive: No
User Impact: 100
Observed Duration: 0 days

Evidence

Compromised Artifacts

registry.npmjs.org/mailparser/-/mailparser-0.1.2.tgz

Current Artifacts and Analysis

security.snyk.io/vuln/npm:mailparser:20190312

Indicators and Changes

Hashes

sha256:a7c55ef358ba3b90def7f46fd0ad40830e0df3b6f68e32cdb8603c4ccb0cc45a

External References

npmjs.com/advisories/912

Source Data

Source record: oss/mailparser/meta.yaml