
    Hundreds of malware-laden fake npm packages posted online to try and trick developers




    • Criminals are adding hundreds of malicious packages to npm
    • The packages try to fetch a stage-two payload to infect the machines
    • The crooks went to lengths to hide where they host the malware

    Software developers, especially those working with cryptocurrencies, are once again facing a supply chain attack via open source code repositories.

    Cybersecurity researchers from Phylum have warned that a threat actor has uploaded hundreds of malicious packages to the open source package repository npm. The packages are typosquatted versions of Puppeteer and Bignum.js. Developers who need these packages for their products might install the wrong one by mistake, since the names are so similar to the real ones.
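    One defensive check against the typosquatting described above is to compare the dependency names in a project's package.json against a short allow-list of the well-known packages a team actually uses and flag names that are within a couple of edits of a known name without matching it. The script below is an added example, not code from the article or from Phylum; the trusted-name list and the sample package.json are constructed for illustration.

```javascript
// Added example: flag dependency names that look like typosquats of well-known
// npm packages (e.g. puppeteer, bignum). TRUSTED and SAMPLE_PKG are assumptions.
const TRUSTED = ["puppeteer", "bignum", "express", "lodash"];

// Levenshtein edit distance between two strings (single-row variant).
function editDistance(a, b) {
  const prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let diag = prev[0];
    prev[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const tmp = prev[j];
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      prev[j] = Math.min(prev[j] + 1, prev[j - 1] + 1, diag + cost);
      diag = tmp;
    }
  }
  return prev[b.length];
}

// Strip an npm scope (@org/name -> name); squats usually target the bare name.
function bareName(name) {
  return name.startsWith("@") ? name.split("/")[1] || name : name;
}

// Returns [{ name, lookalikeOf, distance }] for every dependency whose name is
// within maxDistance edits of a trusted name but is not that name.
function findTyposquats(pkg, trusted = TRUSTED, maxDistance = 2) {
  const deps = { ...(pkg.dependencies || {}), ...(pkg.devDependencies || {}) };
  const findings = [];
  for (const name of Object.keys(deps)) {
    const candidate = bareName(name).toLowerCase();
    if (trusted.includes(candidate)) continue; // exact match: the real package
    for (const t of trusted) {
      const d = editDistance(candidate, t);
      if (d > 0 && d <= maxDistance) {
        findings.push({ name, lookalikeOf: t, distance: d });
        break;
      }
    }
  }
  return findings;
}

// Constructed sample package.json mixing genuine names with two lookalikes.
const SAMPLE_PKG = {
  dependencies: { puppeteer: "^22.0.0", pupeteer: "1.0.0", bignumm: "0.1.0" },
  devDependencies: { lodash: "^4.17.21" },
};
console.log(findTyposquats(SAMPLE_PKG)); // reports pupeteer and bignumm
```

A hit is only a prompt to look at the package, not proof of malice; a real deployment would keep the trusted list in version control and run the check in CI before `npm install`.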
