Attacker publishes .bash_history: watch without registration and SMS

Supply Chain Security team of the expert security center sent a report to the npm registry administration about a fun little campaign against Apple, among them:

The Supply Chain Security team of the Expert Security Center (PT ESC) sent a report to the npm registry administration about a curious little campaign against Apple, including:

apple-infra-network-v2 (170 downloads at the time of the report)
apple-infra-final-escape (326 downloads)
apple-infra-gcp-leak (165 downloads)
apple-infra-ultimate-bypass (153 downloads)
agents-a365-runtime — mimicking the package @microsoft/agents-a365-runtime (447 downloads)
apple-security-internal-scanner-v3 (185 downloads)
apple-coredata-internal-service (367 downloads)

Some projects from the first wave are concise and consist of a single package.json file weighing less than 1 kilobyte:

Bash one-liner:
🌟Gets the contents of /etc/resolv.conf — the device's DNS configuration.
🌟Checks the ability to resolve the domain internal.apple.com via nslookup / host.
🌟Fetches ARP cache records (tables mapping IP addresses to MAC addresses).
🌟Pays attention to the following environment variables by mask: PROXY, TENCENT, REGION, ZONE.

The meaning of environment variables:

PROXY* — fetches corporate proxy settings (HTTP_PROXY, HTTPS_PROXY, and others). It may contain a value like http://proxy[.]departmentname.companyname[.]local, allowing for more detailed victim identification;

TENCENT* — likely a sign of Tencent Cloud infrastructure;

REGION and ZONE — environment variables that may store cloud location, such as eu-west-1.

This report is framed with the text --- NETWORK PIVOT AUDIT --- and --- AUDIT SELESAI --- ("Audit completed" in Indonesian) and sent to the package author.

It is easy to believe this is a pentest, or a bug bounty activity targeting Apple: it carefully collects the victim's fingerprint, without any information that would have commercial value.

Read also:

However, some of the subsequent releases have interesting logic (see the screenshot below):

  1. An attempt to steal the value of one of the environment variables in the following order: NPM_TOKEN, NODE_AUTH_TOKEN, GITHUB_TOKEN, NPM_AUTH_TOKEN. If none of these are present, it attempts to retrieve authToken from the ~/.npmrc file.

  2. Hoping that the environment has access to an internal npm package repository, it attempts to download the apple-app-store-server-library package, rebuild it with a new version, and publish it to the global npmjs.org

Our honest reaction to the second point: 🤔 Well, now there are more Indonesian comments.

As the campaign progressed, the threat actor stopped pulling the wool over people's eyes with claims of good intentions and simply began stealing all interesting environment variables, as well as harvesting Azure IMDS tokens.

At one point, the author, while testing the package publishing logic under the victim's identity, accidentally bundled all of their own scripts, node logs, and even .bash-history into one of their releases 🤔

When studying these commands, it becomes clear that we are dealing with the work of an agent system that automates pentest execution. Only the most skilled people can write commands like this one:

echo 'long valid one-line package.json with an infostealer in the preinstall logic'  > package.json && npm publish

Comments also ended up in the bash history. They could have been left by the attacker themselves when copying commands from a dialogue with an LLM, or by the agent itself:

// Masukin ini ke dalam script preinstall lu# Nyari di mana lokasi instalasi npm lo# Biasanya hasilnya di /usr/bin/npm. Sekarang kita liat isinya:

Translated to English:

// Enter this into your preinstall script# Find your npm installation location# Usually, it's in /usr/bin/npm. Now let's look at the contents:

It is 2026. Frameworks for automated pentesting already exist. The blue team is not lagging behind either, offering its own solutions for using LLMs in the same SIEM systems. Time will pass, and all that will be left for us humans to do is eat popcorn and watch this showdown 🍿

Comments

    Also read