In the latter part of December 2021, Mend Diffend detected the new release of a package called @maui-mf/app-auth. This package used a vector of attack that was similar to the server side request forgery (SSRF) attack against Capital One in 2019, in which a server was tricked into executing commands on behalf of a remote user, thereby enabling the user to treat the server as a proxy for requests and gain access to non-public endpoints.
Once decoded, it becomes evident that the request targets an Amazon Web Services (AWS) Metadata Service. The URL was used to provide an HTTP application programming interface (API) for retrieving information like the node’s IP address, placement within the AWS network, hostname and IAM security credentials.
In the case of the @maui-mf/app-auth package, the targeted endpoint returned information about the IAM role assigned to the instance from which the request was made. Left unchecked, the data would be passed on to the external domain “microsoft-analytics.net” via the domain name system (DNS) lookup query.
In case you have any doubt, this was malicious activity. While the data provided by this package wasn’t enough to perform a full SSRF attack, it could be enough to give the attacker knowledge of potential vectors for further exploitation. In the parlance of the MITRE ATT@CK framework, this was both an “initial access” and a “discovery” tactic. For instance, by installing the package, an attacker could validate that there are indeed vulnerable machines out there and in turn release a new version of the same package that will contain exploits of those vulnerabilities. That new version could try to elevate the permissions by running a second query to the AWS endpoint to obtain the credentials needed for the exploitation.
As with all of Diffend’s findings, the researchers at Mend immediately reported the malicious @maui-mf/app-auth package to the npm security team for the sake of the whole open-source software (OSS) community. It’s worth noting, however, that there was a 15-hour time gap between the package being identified and subsequently being removed from npm. During this time, software developers using Diffend were notified that the package was malicious. (If you wish to use Diffend as part of your software supply chain, you can start using the application here.)