Not Your IPC, but node-ipc: npm Hit Again with Supply Chain Attack (But This Time It's Not a Worm)
Blog post from Semgrep
Researchers identified malicious activity in recent versions of the node-ipc npm package, which contained infostealer malware that was active for about two hours. The malware fingerprinted host environments, accessed local files, and exfiltrated data via a custom DNS server, leaving minimal traces apart from DNS queries and a temporary file. Notably, node-ipc had previously been involved in a controversy in 2022, when maintainers added "protestware" targeting Russian and Belarusian IPs during the Ukraine-Russia War. Semgrep provides advisories and rules to detect such threats, and urges users to scan their projects for these package versions and to follow the remediation steps if affected. Remediation includes rotating credentials, because the malware targets a broad range of credentials, from cloud services to development tools. Specific indicators of compromise, such as affected package versions and exfiltration domains, are outlined to aid in detection and response.
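One way to scan a project for the package versions, as an added example that is not code from Semgrep or the original post: it lists every resolved copy of node-ipc in a parsed `package-lock.json`, including transitive and aliased installs. The affected-version set is a constructed placeholder because this page does not list the versions; `findPackage`, `AFFECTED`, `SAMPLE_LOCK` and the sample package names are hypothetical.

```javascript
// Added example, not Semgrep's code. Versions below are constructed placeholders:
// replace them with the affected versions listed in the advisory.
const AFFECTED = new Set(['0.0.0-AFFECTED-PLACEHOLDER']);

// Return every resolved copy of `name` in a parsed package-lock.json,
// including transitive and aliased installs.
function findPackage(lock, name = 'node-ipc', affected = AFFECTED) {
  const hits = [];
  const record = (path, version) =>
    hits.push({ path, version, affected: affected.has(version) });
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path.
    for (const [path, meta] of Object.entries(lock.packages)) {
      const byPath = path === `node_modules/${name}` ||
        path.endsWith(`/node_modules/${name}`); // excludes @scope/node-ipc
      // npm aliases keep the real package name in the entry's "name" field.
      if (byPath || (path !== '' && meta.name === name)) record(path, meta.version);
    }
  } else {
    // lockfileVersion 1: nested "dependencies" tree.
    const walk = (deps, trail) => {
      for (const [dep, meta] of Object.entries(deps || {})) {
        const path = `${trail}node_modules/${dep}`;
        if (dep === name) record(path, meta.version);
        walk(meta.dependencies, `${path}/`);
      }
    };
    walk(lock.dependencies, '');
  }
  return hits;
}

// Constructed sample lockfile (lockfileVersion 3) for demonstration.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/node-ipc': { version: '0.0.0-CLEAN-SAMPLE' },
    'node_modules/some-cli/node_modules/node-ipc': { version: '0.0.0-AFFECTED-PLACEHOLDER' },
    'node_modules/@scope/node-ipc': { version: '0.0.0-AFFECTED-PLACEHOLDER' },
    'node_modules/ipc-alias': { name: 'node-ipc', version: '0.0.0-AFFECTED-PLACEHOLDER' },
  },
};

for (const hit of findPackage(SAMPLE_LOCK)) {
  console.log(`${hit.affected ? 'AFFECTED' : 'ok      '} ${hit.version}  ${hit.path}`);
}
```

To check a real project, pass the result of `JSON.parse` on its `package-lock.json` to `findPackage`. A lockfile hit shows what would be installed from that lockfile, not what ran on a given host during the exposure window.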