Table of Contents
  • Home
  • /
  • Blog
  • /
  • How Can You Protect Your Computer From Infected ‘COA’ and ‘rc’ NPM Packages?
November 8, 2021

How Can You Protect Your Computer From Infected ‘COA’ and ‘rc’ NPM Packages?

How Can You Protect Your Computer From Infected Coa And Rc Npm Packages

Recently, the globe has witnessed another supply chain attack. This time attackers cleverly infected two popular NPM packages: COA and rc, with password-stealing malware to create a backdoor on the victim computers. Let’s see how can you protect your computer from infected COA and rc NPM packages.

Victims Of The Infected NPM Packages:

No discrimination has been seen in terms of the victims. Since it is a supply chain attack, the one who installs the infected package would become a victim. It’s been said that these two NPM packages were downloaded 22 million times in a week of time altogether.

What Is NPM?

npm is the world’s largest Software Library(Registry). npm has more than 800,000 packages in its software registry. npm is not only a software registry but also a software Package Manager and Installer. It is released under an open-source license and made free to use. Anybody can download and npm and its public software packages without any registration or login. So many organizations use npm in their private developments. 

How To Install NPM And Its Packages?

npm will get installed when you download and install Node.js. You should install Node.js to install npm. You can learn how to install or upgrade Node.js from this page.

What Are COA And rc NPM Packages?

COA (Command-Option-Argument) is a parser for command-line options. It aims to get maximum profit from formalization of your program API. You can read more about COA from its official siterc is the non-configurable configuration loader. Visit this page to learn rc with its usage, formats, standards, and with live examples.

Infected Versions Of COA And rc Packages:

NPM PackageAffected versions
COA= 2.0.3
= 2.0.4
= 2.1.1
= 2.1.3
= 3.0.1
= 3.1.3
rc= 1.2.9
= 1.3.9
= 2.3.9

How To Protect Your Computer from Infected ‘COA’ And ‘rc’ NPM Packages?

If you are running COA with any one of the affected versions (v2.0.3 and above), then please downgrade your COA to 2.0.2 as soon as possible and check for suspicious activities.

In the same way, if you are running the affected versions (1.2.9, 1.3.9, and 2.3.9) of rc npm package on your computer, then downgrade your rc package to 1.2.8 as soon as possible and check for suspicious activities.

Any computer that has affected versions of COA and rc packages installed or running on them should be considered fully compromised and you should do these steps to neutralize the infections.

  1. Unplug the network cable and isolate the machine from the network. You can keep the computer untouched if you want to carry out the threat analysis to identify IOCs.

  2. Initiate the full image backup or filesystem backup from a clean backup snapshot. Restore the machine with clean image.

  3. If you don’t have the backup, then immediately downgrade the npm package to the ininfected versions as suggested above.

  4. Removal of the package doesn’t guarantee that infection has been removed. All secrets and keys stored on that computer should be rotated immediately from a different computer.

  5. Run all the security checks on the infected system and make sure your machine is not infected with the malware.

Run these checks on the suspected machines:

  1. Check for unusual accounts created, especially in the administrator’s group

  2. Check for unusual big files on the storage, bigger than five GB

  3. Check for any unusual files added recently in system folders

  4. Check for files using the “hidden” attribute Property

  5. Check for unusual programs launched at boot time in the windows registry

  6. Check all running processes for unusual/unknown entries, especially processes with username “system” and “administrator.”

  7. Check user’s autostart folders

  8. Check for unusual/unexpected network services installed and started

  9. Check for unusual network activity

  10. Check at the opened sessions on the machine

  11. Check for unusual automated tasks

  12. Check for unusual log entries

  13. Check for any rootkit

  14. Run an anti-virus product on the whole disk to check for any malware

How to downgrade the npm package?

Step 1. Install the older version of npm package

Specify the version with ‘@’ char either to install or uninstall the npm package.
npm install <package>@<version>

$ npm install coa@2.0.2
npm install rc@1.2.8

Step 2. Check the versions of npm packages

It is easy to see the versions of npm packages with this simple command.
npm view <package> versions

$ npm view coa versions
$ npm view rc versions

Step 3. Uninstall the affected versions of npm packages

Since we don’t have the affected versions of COA and rc npm packages, there is nothing to remove from our server. if you see affected versions on your machine, uninstall the package with the version number like the installation process.
npm uninstall <package>@<version>

Ex:1. npm uninstall coa@2.0.32. npm uninstall coa@2.0.43. npm uninstall rc@1.2.9
For information:
Click here

We hope this post would help you in learning How Can You Protect Your Computer from Infected ‘COA’ and ‘rc’ NPM Packages. Thanks for reading this threat post. Please share this post and help to secure the digital world. Visit our social media page on FacebookLinkedInTwitterTelegramTumblr, & Medium and subscribe to receive updates like this.

Arun KL

Arun KL is a cybersecurity professional with 15+ years of experience in IT infrastructure, cloud security, vulnerability management, Penetration Testing, security operations, and incident response. He is adept at designing and implementing robust security solutions to safeguard systems and data. Arun holds multiple industry certifications including CCNA, CCNA Security, RHCE, CEH, and AWS Security.

Recently added

Cloud & OS Platforms

View All

Learn More About Cyber Security Security & Technology

“Knowledge Arsenal: Empowering Your Security Journey through Continuous Learning”

Cybersecurity All-in-One For Dummies - 1st Edition

"Cybersecurity All-in-One For Dummies" offers a comprehensive guide to securing personal and business digital assets from cyber threats, with actionable insights from industry experts.



View All

Learn Something New with Free Email subscription