Home / Companies / Semgrep / Blog / Post Details
Content Deep Dive

Not Your IPC, but node-ipc: npm Hit Again with Supply Chain Attack (But This Time It's Not a Worm)

Blog post from Semgrep

Post Details
Company
Date Published
Author
Katie Paxton-Fear, Diptendu Kar
Word Count
524
Company Posts That Month
13
Language
English
Hacker News Points
-
Post removed?
No
Summary

Researchers identified malicious activity in recent versions of the node-ipc npm package, which contained an infostealer malware active for about two hours. This malware fingerprinted host environments, accessed local files, and exfiltrated data via a custom DNS server, leaving minimal traces except for DNS queries and a temporary file. Notably, node-ipc had previously been involved in a controversy in 2022 when maintainers added "protestware" targeting Russian and Belarusian IPs during the Ukraine-Russia War. Semgrep provides advisories and rules to detect such threats, urging users to scan projects for these package versions and follow remediation steps if affected. Remediation includes rotating credentials as the malware targets a broad range of credentials, from cloud services to development tools. Specific indicators of compromise, such as affected package versions and exfiltration domains, are outlined to aid in detection and response.

Trends Found in this Post
Trend Post Mentions Total Month Mentions Posts Companies MoM
Kubernetes 4 1,965 371 106 -15%
MCP 3 7,098 726 186 +16%
Secrets Management 2 2,152 360 101 +18%
Use This Data

Use this post, company, and trend context to find content marketing opportunities, perform competitive analysis, or address product feature gaps via the Plushcap MCP server or the Plushcap API.