Cybercriminals exploited typosquatting to deploy a malicious npm package, `@typescript_eslinter/eslint`, targeting developers seeking the legitimate TypeScript ESLint plugin, which was designed to mimic the genuine plugin, compromised systems by monitoring keystrokes, clipboard data, and executing remote commands.  They leveraged a WebSocket server for real-time control and data exfiltration as the persistence of a secondary malicious […]

The post Malicious ESLint Package Let Attackers Steal Data And Inject Remote Code appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Aman Mishra

Source: gbHackers
Source Link: https://gbhackers.com/eslint-package-attack/