Speared supply-chain attacks: when an adversary is looking for your company
During April, we caught a two-step malware in the NPM ecosystem that was targeting a specific company. In my talk, I'll briefly explain the dependency-confusion attack vector and how it is affecting software companies, and then we'll go over all the technical bits of the malware, the process of reversing it, and how we interacted with the adversary behind it. I'll explain what the malware does, how it uses decoys, cleans up, hides, and when (and why) it deploys the C2 agent (a trojan). After that, we'll go through how we communicated with the adversary and how we found out about sibling malware.