National Cyber Warfare Foundation (NCWF)

Thousands Download Malicious npm Libraries Impersonating Legitimate Tools


0 user ratings
2024-12-19 15:08:23
milo
Attacks
Threat actors have been observed uploading malicious typosquats of legitimate npm packages such as typescript-eslint and @types/node that have racked up thousands of downloads on the package registry.
The counterfeit versions, named @typescript_eslinter/eslint and types-node, are engineered to download a trojan and retrieve second-stage payloads, respectively.
"While typosquatting attacks are



Source: TheHackerNews
Source Link: https://thehackernews.com/2024/12/thousands-download-malicious-npm.html


Comments
new comment
Nobody has commented yet. Will you be the first?
 
Forum
Attacks



Copyright 2012 through 2025 - National Cyber Warfare Foundation - All rights reserved worldwide.