15.7 C
Pakistan
Thursday, November 7, 2024

Hundreds of malware-laden fake npm packages posted online to try and trick developers

Must read

Hundreds of malware-laden fake npm packages posted online to try and trick developers

2024-11-05 20:15:00


  • Criminals are adding hundreds of malicious packages to npm
  • The packages try to fetch a stage-two payload to infect the machines
  • The crooks went to lengths to hide where they host the malware

Software developers, especially those working with cryptocurrencies, are once again facing a supply chain attack via open source code repositories.

Cybersecurity researchers from Phylum have warned a threat actor has uploaded hundreds of malicious packages to the open source package repository npm. The packages are typosquatted versions of Puppeteer and Bignum.js. Developers who are in need of these packages for their products, might end up downloading the wrong version by mistake, since they all come with similar names.



Source link
www.techradar.com
#Hundreds #malwareladen #fake #npm #packages #posted #online #trick #developers

- Advertisement -spot_img

More articles

LEAVE A REPLY

Please enter your comment!
Please enter your name here

CommentLuv badge
- Advertisement -spot_img

Latest article