Thanks! That comes from the Powerlevel10k theme.

I go over a basic blueprint in the video, but at a basic level an attacker would find the name of a private dependency, and upload a public package with the same name and a higher version number that contains malicious pre-install code which phones home to a network controlled by the attacker.

He used a DNS exfiltration technique where he encoded all of the data that he was getting out of the system as part of the DNS query he was making, and then his custom nameserver was set to log every request it received. From there he could easily read the data back out.

Thanks for early replay bro.

I don't really understand this so well. I saw the exact code he use to create the backdoor but I don't know how he included his dns server on the target depency

He included it in the preinstall hook, where a dependency can call an arbitrary script when it is downloaded. This is normally used to download external dependencies and binaries, but can be used maliciously as well.

Thanks for your hard work. You deserve me as a subscriber

Maven/Gradle is impacted. Gradle put out a deck on mitigation strategies here: www.jfokus.se/jfokus20-preso/Protecting-your-organization-against-attacks-via-the-build-system.pdf

Thanks! Always working on refining my style

Thanks!