uaparser-js - isotope¹³

Incident Summary

ua-parser-js NPM package hijacked distributing malware

The maintainer's npm account was compromised, allowing attackers to publish malicious versions of ua-parser-js, a library embedded across millions of weekly installs. The payload stole OS passwords, browser cookies, and Discord tokens, then installed a cryptominer on Linux and Windows. Its danger came from reach; user-agent parsing had become quiet infrastructure.

Date: 2021-10-22
Category: Open Source
Target Surface: Package registry
Insertion Phase: distribution
Impact: Financial Exploitation
Cause: Compromised Account/Credentials

What Was Affected

Package uaparser-js

LanguageJavascript

ComponentLibrary

Artifact typesource archive

Domain typepackage host

Domain npmjs.org

Repository github.com/faisalman/ua-parser-js

Compromised Versions

Incident Context

Motive: Financial Gain
Attribution: Cybercriminal Gang
Transitive: No
User Impact: 8000000
Observed Duration: 0 days

Evidence

Compromised Artifacts

Current Artifacts and Analysis

Indicators and Changes

Hashes

sha256:bd669280081a82e8f29f0c5a522169f2917fd522ac229b376189e763184307ba

External References

Source Data

Source record: oss/uaparser-js/meta.yaml