Hackers Infiltrated Maven Central Masquerading as a Legitimate Jackson JSON Library

Malicious Jackson Lookalike Library Slips Into Maven Central

A software supply chain attack has breached Maven Central, allowing attackers to distribute malware by impersonating a trusted Jackson JSON library.  The campaign highlights how even subtle naming tricks can undermine developer trust and quietly introduce malicious code into production environments. The attackers have “… gone to great lengths to do a multi-staged payload, with encrypted configuration strings, a remote command-and-control server …

Hackers Impersonated Jackson JSON Library To Infiltrate Maven Central - Cybernoz - Cybersecurity News

Security researchers have uncovered a sophisticated multi-stage malware campaign targeting Maven Central, the primary repository for Java dependencies. The attack centered on a malicious package impersonating the legitimate Jackson JSON library marking the first significant detection of advanced malware in an ecosystem that has historically remained resilient against supply chain attacks. The malicious package, published under the namespace org.…

Hackers Infiltrated Maven Central Masquerading as a Legitimate Jackson JSON Library

A new malware campaign has successfully infiltrated Maven Central, one of the most trusted repositories for Java developers, by masquerading as a legitimate Jackson JSON library extension. The malicious package, published under the org.fasterxml.jackson.core/jackson-databind namespace, represents one of the first instances of sophisticated malware discovered on Maven Central through a typosquatting attack. This attack takes […] The post Hackers …