
Exploit creator selling 250+ reserved npm packages on Telegram


Recently, the Sonatype Security Research team identified more than 250 npm packages that make for lucrative and convincing exploits, because they are named exactly like open source projects from Amazon Web Services (AWS), Microsoft, React, CKEditor, and other popular names.

These newly created packages contained active reverse shell and remote code execution (RCE) exploits, enabling their owner to carry out attacks against their targets at will.

It gets more interesting.

We further discovered that these packages, all created by a Russian hacker who claims to be a bug bounty hunter, were being made available for "sale" to prospective buyers via Telegram. How ethical is this?

Published shortly after latest versions of real packages

Last week, Sonatype security researcher Jeff Thornhill and I noticed something strange.

Of the thousands of suspicious packages flagged by our automated malware detection systems, 260 npm packages were named exactly like ones created by renowned companies like Microsoft and Amazon.

As an example, the problematic npm package 'api-extractor-model' from this set is named after Microsoft's '@microsoft/api-extractor-model', a legitimate npm library published under the "@microsoft" scope. Similarly, 'client-cloudwatch-logs' is named after the Amazon Web Services (AWS) SDK npm package "@aws-sdk/client-cloudwatch-logs", and 'react-native-community' imitates the authentic "@react-native-community/cli".

What makes this case interesting is the timing of these packages — most of these emerged within 4-5 days of legitimate projects publishing their latest releases.

Tracked as sonatype-2024-2066, all of these suspicious packages included a note stating, "bugbounty test. dont worry. be happy," indicating that they were created for proof-of-concept (PoC) purposes or an authorized penetration test. But that's not the whole story.

These packages contained ready-made exploits that can be used by anyone to conduct a reverse shell or dependency confusion attack against their target.

On sale: Reserved npm packages, exploit kit yours for $$$

The author behind these is a Russian hacker who maintains presence across bug bounty and capture the flag (CTF) ethical hacking platforms. Our investigation also identified Mozilla Firefox plugins potentially created by the same user.

While we cannot definitively conclude whether the author is an ethical or a grayhat researcher, what we discovered certainly casts doubt on their "ethical" intentions.

Starting with "api-extractor-model" (which imitates the Microsoft package), for example, we see it contains simple code that establishes a connection to the author's domain and retrieves a secondary payload (i.e. arbitrary code), in the style of dependency confusion exploits we have seen previously.

What gets our attention, however, is the note in the package (on line 33): "You can reach me, if you want to buy it," followed by the author's Telegram account URL.

A question arises: are these exploits available for sale to just about anyone on the dark web, or to the company targeted?

We have retracted unsafe URLs from the screenshot below.

This call to buy the package contravenes the "PoC for [potential] RCE" disclaimer in the manifest file (package.json), as most ethical researchers and bug bounty hunters are not keen on selling active exploits in this manner:

Other packages named after high profile projects were a bit more creative. These listed the author's "randombullshitgo-js" package as a dependency.

So, as soon as these packages would get installed, they'd pull in "randombullshitgo-js," which in turn contains both a reverse shell and a remote code execution (RCE) payload:

In a way, the author "reserved" (squatted) hundreds of packages on the registry that are named very closely after the real packages but contain a potent payload, along with a note offering them for sale.
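The two patterns described above, an unscoped name that shadows the tail of a scoped package (such as 'api-extractor-model' standing in for '@microsoft/api-extractor-model') and a harmless-looking package that pulls the payload in as a transitive dependency, can both be caught by auditing a project's lockfile before it is installed. The following script is an added example written for this post, not Sonatype's code and not part of the original article: it walks a package-lock "packages" tree, flags unscoped names that collide with the tail of a scoped package the project legitimately uses, reports which dependency pulled a denylisted package in, and checks whether a lookalike appeared within a few days of the legitimate package's latest release, the timing the article calls out. The lockfile fragment, the version numbers, the 'some-ui-kit' name and the publish timestamps are constructed; the package names come from the article.

```javascript
// Added example (not Sonatype's code): audit an npm lockfile, from the
// defender's side, for the two patterns discussed in the article:
//  1. an unscoped package whose name equals the tail of a scoped package the
//     project legitimately uses ("api-extractor-model" vs
//     "@microsoft/api-extractor-model");
//  2. a denylisted package pulled in transitively by an innocent-looking one.
// It also checks whether a lookalike was created shortly after the legitimate
// package's latest release. All sample data below is constructed.

const LOOKALIKE_WINDOW_DAYS = 5;

// Scoped packages this (hypothetical) project actually depends on.
const KNOWN_SCOPED = [
  "@microsoft/api-extractor-model",
  "@aws-sdk/client-cloudwatch-logs",
  "@react-native-community/cli",
];

// Package the article identifies as carrying the reverse shell / RCE payload.
const DENYLIST = ["randombullshitgo-js"];

// Constructed lockfile fragment in the package-lock v2/v3 "packages" shape.
const SAMPLE_LOCK = {
  packages: {
    "": {
      dependencies: {
        "api-extractor-model": "1.0.0",
        "some-ui-kit": "2.1.0",
        "@aws-sdk/client-cloudwatch-logs": "3.0.0",
      },
    },
    "node_modules/api-extractor-model": { version: "1.0.0" },
    "node_modules/some-ui-kit": {
      version: "2.1.0",
      dependencies: { "randombullshitgo-js": "0.0.1" },
    },
    "node_modules/randombullshitgo-js": { version: "0.0.1" },
    "node_modules/@aws-sdk/client-cloudwatch-logs": { version: "3.0.0" },
  },
};

// Constructed publish timestamps (the registry exposes these under "time").
const SAMPLE_TIMES = {
  "@microsoft/api-extractor-model": { latest: "2024-04-01T10:00:00.000Z" },
  "api-extractor-model": { created: "2024-04-04T08:30:00.000Z" },
};

// "node_modules/a/node_modules/@s/b" -> "@s/b"
function nameFromLockKey(key) {
  const marker = "node_modules/";
  const i = key.lastIndexOf(marker);
  return i === -1 ? key : key.slice(i + marker.length);
}

// "@scope/name" -> "name"; unscoped names are returned unchanged.
function unscopedTail(name) {
  return name.startsWith("@") ? name.slice(name.indexOf("/") + 1) : name;
}

// Every package (or "<root>") whose dependency list names `target`.
function findDependents(lock, target) {
  const dependents = [];
  for (const [key, entry] of Object.entries(lock.packages)) {
    if (entry.dependencies && target in entry.dependencies) {
      dependents.push(key === "" ? "<root>" : nameFromLockKey(key));
    }
  }
  return dependents;
}

// True if the lookalike was created within `days` after the legitimate release.
function publishedShortlyAfter(createdIso, latestIso, days) {
  const delta = Date.parse(createdIso) - Date.parse(latestIso);
  return delta >= 0 && delta <= days * 24 * 60 * 60 * 1000;
}

function auditLock(lock, knownScoped, denylist, times = {}) {
  const tailToScoped = new Map(knownScoped.map((s) => [unscopedTail(s), s]));
  const lookalikes = [];
  const denylisted = [];
  for (const key of Object.keys(lock.packages)) {
    if (key === "") continue;
    const name = nameFromLockKey(key);
    if (!name.startsWith("@") && tailToScoped.has(name)) {
      const shadows = tailToScoped.get(name);
      const created = times[name]?.created;
      const latest = times[shadows]?.latest;
      lookalikes.push({
        name,
        shadows,
        pulledInBy: findDependents(lock, name),
        recentlyPublished:
          created && latest
            ? publishedShortlyAfter(created, latest, LOOKALIKE_WINDOW_DAYS)
            : null, // unknown when the registry timestamps are not supplied
      });
    }
    if (denylist.includes(name)) {
      denylisted.push({ name, pulledInBy: findDependents(lock, name) });
    }
  }
  return { lookalikes, denylisted };
}

console.log(JSON.stringify(auditLock(SAMPLE_LOCK, KNOWN_SCOPED, DENYLIST, SAMPLE_TIMES), null, 2));
```

Run it with `node audit-lock.js` (the file name is arbitrary). On the constructed lockfile it reports 'api-extractor-model' as shadowing '@microsoft/api-extractor-model', pulled in directly by the project and created within the five-day window, and 'randombullshitgo-js' as reaching the tree only through 'some-ui-kit'. Against a real project, `SAMPLE_LOCK` would be the parsed package-lock.json and `SAMPLE_TIMES` the "time" field of each package's registry document; both are left as inline data here so the example runs offline.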

Some of the packages contained screenshots (proof.png) that appeared to demonstrate a successful attack against organizations (or developers) who may have used the author's illicit package as opposed to the authentic package, as shown in this example:

We have redacted the targeted party's IP address as well as the package author's hostname for privacy.

Bug bounty award vs. extortion

Generally, ethical researchers and hackers demonstrate a successful vulnerability or security exploit to an organization via its official bug bounty program and are then awarded a bounty at the company's discretion, as opposed to offering to sell the exploit themselves to a prospective buyer or to the company, which could be seen as extortion.

Do organizations sometimes, and perhaps unfairly so, refuse to award a bug bounty for legitimate security reports? Absolutely.

Seemingly minor but crucial nuances like these, on a researcher's part, are what separate actions that constitute ethical security research from those that could be adversarial.

We reported these packages to the registry in a timely fashion, and they were, predictably, removed promptly for violating the npm registry's Open Source Terms, which draw the thin line between security research efforts and "exploits and malware that use the npm registry as a deployment or delivery vector."

Sonatype's latest discovery follows this month's Russia-linked 'Lumma' crypto stealer targeting Python developers via the PyPI registry. These repeated incidents show both advanced persistent threats (APTs) and foreign adversaries investing their malicious efforts in open source registries to deploy their next-stage attacks, both against niche developers (such as those building AI/LLM apps) and against the public sector, whose organizations often have tech stacks relying heavily on Microsoft, or what has been called a ".NET shop." Recurring attacks of this kind give threat actors a much wider target base than traditional means.

Users of Sonatype Repository Firewall are protected from counterfeit components like these, which would be blocked from entering their builds. We may discretionarily expand our blocklists periodically as similar packages surface and our investigation into these campaigns progresses. If you're not already protected with Sonatype, get in touch so we can show you Repository Firewall in action.


Written by Ax Sharma

Ax is a Staff Security Researcher & Malware Analyst at Sonatype with a penchant for open source software. His works and expert analyses have frequently been featured by leading media outlets including the BBC. Ax's expertise lies in security vulnerability research, reverse engineering, and cybercrime investigations. He has a passion for educating a wide range of audiences through writing and vlogs.