by feross 921 days ago
We've been building Socket [1] to detect and block this exact type of supply chain attack. Our Socket AI scanner [2] successfully detected this attack. It uses dozens of static signals combined with an LLM to detect novel attacks that evade traditional scanning tools.

This is what Socket AI produces when given @ledgerhq/connect-kit 1.1.7 to analyze:

> The obfuscated code block is highly suspicious and likely contains malicious behavior. The presence of obfuscation and the unclear purpose of the code raise significant red flags.

Feeling very proud of our team right now as this validates that our static analysis + LLM approach works well on novel malicious dependencies. If you're interested, we maintain a listing of malicious packages detected by this system [3].

Small plug: If you’d like real-time protection against attacks like this, you can install Socket for GitHub to automatically scan every PR in your repo. The free plan is incredibly generous. If you do decide to install it, it’s important that you enable the ‘AI Detected Security Risk’ alert type in your Security Policy to activate this protection.

[1]: https://socket.dev

[2]: https://socket.dev/blog/introducing-socket-ai-chatgpt-powere...

[3]: https://socket.dev/npm/issue/malware

5 comments

Do you discuss anywhere what you use for static analysis? I skimmed through your blog but didn't see any details. Also -- did you detect and publish this BEFORE it became public knowledge? It's unclear.
We've built our own minimalist static analysis engine that only supports scanning for the specific supply chain threats we care about. For that reason, it's a lot simpler and faster than a generic engine.

I'll see if we can write up a bit about how it works in a future blog post.

Love Socket! A lot of folks (think most) were loading the compromised package through another package, @ledgerhq/connect-kit-loader [1], via a CDN call [2]. Would be great if Socket could pick up on this because Socket's @ledgerhq/connect-kit-loader page [3] doesn't include any warning.

[1]: https://socket.dev/npm/package/@ledgerhq/connect-kit-loader

[2]: https://github.com/LedgerHQ/connect-kit/blob/main/packages/c...

[3]: https://socket.dev/npm/package/@ledgerhq/connect-kit-loader/...

Thanks for reporting this. Fixed: https://socket.dev/npm/package/@ledgerhq/connect-kit-loader/...

We don't currently detect 'implicit dependencies' loaded via CDN URLs, though we'll look into what it would take to support this.

Sounds good. Excited for this and all future Socket improvements!
Could you slide a gzip window over the source code and flag any relatively high entropy region(s) for human review? Would this maybe be more deterministic than an LLM?

How about a multi-stage system that uses the LLM to attempt analysis of the statistically-detected high entropy regions by way of an assortment of tools, such as b64 decode?

I like where you are headed with this. Just some thoughts I had.
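The sliding-window compression check suggested in the comment above, as an added example that is not part of the thread and not Socket's code. The window size, step and 0.70 threshold are assumptions chosen for this sketch, and the sample input is constructed.

```python
import base64
import hashlib
import zlib

def compression_ratio(chunk: bytes) -> float:
    """Compressed size / raw size; near 1.0 means the chunk barely compresses."""
    return len(zlib.compress(chunk, 9)) / len(chunk)

def flag_high_entropy_regions(source, window=512, step=128, threshold=0.70):
    """Return merged (start, end, peak_ratio) byte spans at or above threshold."""
    data = source.encode("utf-8")
    if len(data) < window:
        return []  # too short for a meaningful ratio
    starts = list(range(0, len(data) - window + 1, step))
    if starts[-1] != len(data) - window:
        starts.append(len(data) - window)  # make sure the tail is scanned
    regions = []
    for s in starts:
        ratio = compression_ratio(data[s:s + window])
        if ratio < threshold:
            continue
        if regions and s <= regions[-1][1]:  # overlaps previous hit: merge
            first, _, peak = regions[-1]
            regions[-1] = (first, s + window, max(peak, ratio))
        else:
            regions.append((s, s + window, ratio))
    return regions

def constructed_blob(n_bytes=1536):
    """Deterministic pseudo-random bytes, base64-encoded (stand-in for a packed payload)."""
    out, state = b"", b"constructed-seed"
    while len(out) < n_bytes:
        state = hashlib.sha256(state).digest()
        out += state
    return base64.b64encode(out[:n_bytes]).decode()

# Constructed sample: ordinary-looking JS around one opaque string literal.
BENIGN = (
    "export function connect(opts) {\n"
    "  const provider = opts.provider || defaultProvider;\n"
    "  return provider.open(opts.timeout);\n"
    "}\n"
)
BLOB = constructed_blob()
SAMPLE = BENIGN * 12 + 'var _0x = "' + BLOB + '";\n' + BENIGN * 12

if __name__ == "__main__":
    for start, end, peak in flag_high_entropy_regions(SAMPLE):
        print(f"review bytes {start}-{end} (peak ratio {peak:.2f})")
```

Legitimate inline assets such as base64 images or embedded source maps also compress poorly, so hits from a check like this are candidates for review rather than verdicts.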

Is it possible to consume the malware list as JSON/SSE?
Yes, please get in touch with me at (my_username)@socket.dev.
Apparently 1.1.5|6 were also compromised?