ctx
ctx NPM package maintainer hijack steals credentials
An attacker gained access to the maintainer account for ctx, a small utility library, and published a malicious release. The payload hid in a test file but ran during installation, scraping environment variables and .npmrc credentials from machines that treated the package as harmless plumbing.
- Date: 2022-05-18
- Category: Open Source
- Target Surface: Package registry
- Insertion Phase: distribution
- Impact: Data Exfiltration
- Cause: Compromised Account/Credentials
What Was Affected
Package: ctx
Language: JavaScript
Component: Library
Artifact type: source archive
Domain type: package host
Domain: npmjs.org
Repository: github.com/rreverser/ctx
Compromised Versions
Incident Context
- Motive: Credential Theft
- Attribution: Individual Hacker
- Transitive: No
- Observed Duration: 0 days
Evidence
Compromised Artifacts
Current Artifacts and Analysis
Indicators and Changes
Hashes
sha256:195f077e7e3390951309a5e8fa0f02f16110d41915fc569097e6c90dfb76755e
Source Data
Source record: oss/ctx/meta.yaml