The title says it all.
Saw this awesome article on Bleeping Computer about a supply chain attack.
A supply chain attack as defined by Microsoft is:
"Supply chain attacks are an emerging kind of threat that target software developers and suppliers. The goal is to access source codes, build processes, or update mechanisms by infecting legitimate apps to distribute malware." (Microsoft)
I find these types of attacks to be so interesting. A great technical breakdown is available in the Bleeping Computer article, so I won't walk you through it. However, I highly suggest reading it!! Note the preview image of this post is actually the obfuscated code as seen in the wild!
I'm guessing that using an SRI hash on a cross-domain script inclusion would've solved this issue! Another reminder to always check the scripts you use in your applications, even though that's a tough thing to do!
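The SRI check mentioned above, as an added example that is not from this post or the Bleeping Computer article: a Node.js sketch of how a browser matches a fetched script against its `integrity` attribute. The script bodies and the `cdn.example` URL are constructed sample values.

```javascript
// Added example: Subresource Integrity (SRI) matching, modelled on the browser algorithm.
const { createHash } = require('node:crypto');

const STRENGTH = { sha256: 1, sha384: 2, sha512: 3 }; // digests SRI defines

// Produce an integrity value ("alg-base64digest") for a script body.
function sriHash(body, alg = 'sha384') {
  return `${alg}-${createHash(alg).update(body).digest('base64')}`;
}

// Parse whitespace-separated integrity tokens; unknown algorithms are ignored.
function parseIntegrity(value) {
  return value.trim().split(/\s+/).map((token) => {
    const m = /^(sha256|sha384|sha512)-([A-Za-z0-9+/]+={0,2})(\?.*)?$/.exec(token);
    return m ? { alg: m[1], digest: m[2] } : null;
  }).filter(Boolean);
}

// True if the browser would let the script run.
function verifySri(body, integrity) {
  const entries = parseIntegrity(integrity);
  if (entries.length === 0) return true; // nothing usable to enforce: script loads
  const strongest = Math.max(...entries.map((e) => STRENGTH[e.alg]));
  return entries
    .filter((e) => STRENGTH[e.alg] === strongest) // weaker hashes are not consulted
    .some((e) => sriHash(body, e.alg) === `${e.alg}-${e.digest}`);
}

// Cross-origin scripts need CORS (crossorigin attribute) for the check to pass.
function scriptTag(url, body) {
  return `<script src="${url}" integrity="${sriHash(body)}" crossorigin="anonymous"></script>`;
}

// Constructed sample data: a pinned third-party script and a modified copy.
const original = 'window.widget = { version: "1.0" };\n';
const tampered = original + '/* code added upstream after the pin was made */\n';

console.log(scriptTag('https://cdn.example/widget.js', original));
console.log('original passes:', verifySri(original, sriHash(original)));
console.log('tampered passes:', verifySri(tampered, sriHash(original)));
```

An `integrity` value with no recognised algorithm is not enforced at all, so a typo in the attribute silently disables the check.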
Check out the article HERE