- npm (the Node.js package deal supervisor)
- pip (the Python package deal installer)
- git (a model management system)
- kubectl (a Kubernetes command-line instrument)
- terraform (an Infrastructure as Code instrument)
- gcloud (Google Cloud’s command-line interface)
- heroku (the Heroku command line interface)
- dotnet (the command line interface for .NET Core)
“Each of these commands is widely used in various development environments, making them attractive targets for attackers looking to maximize the impact of their malicious packages,” says the report.
Another command jacking tactic has been dubbed “command wrapping.” Instead of changing a command, an attacker creates an entry level that acts as a wrapper across the authentic command. This stealthy strategy permits attackers to keep up long-term entry and doubtlessly exfiltrate delicate data with out elevating suspicion, says the report. However, it provides, implementing command wrapping requires further analysis by the attacker. They want to know the proper paths for the focused instructions on totally different working programs and account for potential errors of their code. This complexity will increase with the range of programs the assault targets.
A 3rd tactic could be creating malicious plugins for widespread instruments and frameworks. For instance, if an attacker wished to focus on Python’s pytest testing framework, they’d create a plugin which seems to be a utility to assist in testing that makes use of pytest’s entry level. The plugin might then run malicious code within the background, or permit buggy or susceptible code to go high quality checks.
