EVENT STREAM HACK - JavaScript supply chain attack analysis [2021]
John McBride
DISCLAIMER: This is for educational purposes only. I intentionally left some critical pieces out in order to obfuscate it somewhat, but all information in this video is readily available and public on the internet. This is a hacker's analysis of the 2018 event-stream JavaScript code injection / supply chain attack. Event-stream was a popular (and critical) dependency of many larger NPM packages. A user found a strange commit from an unknown author who had been given maintainer access to the repo. That commit contained injected malware.
GitHub issue: https://github.com/dominictarr/event-stream/issues/116
#johncodes
🚀 SUMMARY: In this video, we'll explore the 2018 event-stream hack, a JavaScript supply chain attack carried out via injected code. Once the malicious commit was found, it took the community several days to figure out what the injected code was actually doing. The "npm_package_description" variable was a big clue, and eventually the community was able to brute force the key and decrypt the injected code. The injected code was compiled as an additional module and was ultimately a targeted attack that would attempt to steal any bitcoin / bitcoin cash on the system. Even though this was an extremely targeted attack against a very specific group, it ultimately resulted in millions of users being affected. Again, the event-stream package was a popular core dependency of many other NPM packages. We have a lot to learn from this case, and it says a lot about how we as developers should approach open source software and being involved in those communities.
⏰ TIMESTAMPS:
00:00 Intro
00:20 Initial finding
01:04 DISCLAIMER
01:22 Initial analysis
05:37 Attack payloads
07:41 Open source software
10:27 How to recognize this kind of attack
12:20 Look for the obvious stuff
14:18 Conclusion
🔗 SOCIAL LINKS:
► Live on Twitch: https://johncodes.live
► Join the Discord: https://discord.gg/jk4uSKhx3e
► Twitter: https://twitter.com/johncodezzz
► Instagram: https://www.instagram.com/johncodezzz/
► TikTok: https://tiktok.com/@johncodes
► Home page: https://johncodes.com
► Email contact: hello@johncodes.com
🎵 MUSIC CREDITS:
- Project AER – Likelife
- Provided by Lofi Records
- Watch: https://youtu.be/L6-zc09jTg4
- Download/Stream: https://fanlink.to/GrowthPatterns
🤔 About: Hi all, I’m John, an experienced software engineer and open source software enthusiast / contributor. I make fun and informative videos about tech, engineering, productivity, and life! Like, comment, and subscribe for more!
Video: https://www.youtube.com/watch?v=8Byayr0jGm4