Microsoft spots malicious npm package stealing data from UNIX systems

The security team at npm (Node Package Manager), the de facto package manager for the JavaScript ecosystem, today took down a malicious package that was caught stealing sensitive information from UNIX systems. The malicious package is named 1337qq-js and was uploaded to the npm repository on December 30, 2019.
The package was downloaded at least 32 times before it was spotted today by Microsoft's Vulnerability Research team. According to an analysis by the npm security team, the package exfiltrates sensitive information through install scripts and targets UNIX systems only.
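
Because the package acted through install scripts, a useful defensive check is to list which installed dependencies declare npm install-time lifecycle hooks. The following is an added example, not code from the article or from npm; the package names and commands in its sample tree are constructed.

```javascript
// Added example: list installed packages that declare npm install-time
// lifecycle scripts, the mechanism the article describes.
const fs = require('fs');
const os = require('os');
const path = require('path');

// Hooks npm runs automatically while installing a dependency.
const INSTALL_HOOKS = ['preinstall', 'install', 'postinstall'];

// Return [{hook, command}] for the install-time hooks in a parsed package.json.
function installHooks(manifest) {
  const scripts = (manifest && manifest.scripts) || {};
  return INSTALL_HOOKS
    .filter((h) => typeof scripts[h] === 'string' && scripts[h].trim() !== '')
    .map((h) => ({ hook: h, command: scripts[h] }));
}

// Walk node_modules, descending into @scope folders and nested node_modules.
function auditNodeModules(dir, findings = []) {
  if (!fs.existsSync(dir)) return findings;
  for (const entry of fs.readdirSync(dir, { withFileTypes: true })) {
    if (!entry.isDirectory() || entry.name.startsWith('.')) continue;
    const pkgDir = path.join(dir, entry.name);
    if (entry.name.startsWith('@')) { auditNodeModules(pkgDir, findings); continue; }
    let manifest = null;
    try {
      manifest = JSON.parse(fs.readFileSync(path.join(pkgDir, 'package.json'), 'utf8'));
    } catch { /* missing or unparseable manifest: nothing to report here */ }
    const hooks = installHooks(manifest);
    if (hooks.length) findings.push({ name: manifest.name || entry.name, dir: pkgDir, hooks });
    auditNodeModules(path.join(pkgDir, 'node_modules'), findings);
  }
  return findings;
}

// Constructed sample tree (hypothetical package names and commands).
function buildSampleTree() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), 'hook-audit-'));
  const put = (rel, manifest) => {
    const d = path.join(root, 'node_modules', rel);
    fs.mkdirSync(d, { recursive: true });
    fs.writeFileSync(path.join(d, 'package.json'), JSON.stringify(manifest));
  };
  put('example-clean', { name: 'example-clean', scripts: { test: 'node test.js' } });
  put('example-hooked', { name: 'example-hooked', scripts: { postinstall: 'node setup.js' } });
  put('@example/addon', { name: '@example/addon', scripts: { install: 'node-gyp rebuild' } });
  put('example-clean/node_modules/example-nested', { name: 'example-nested', scripts: { preinstall: 'sh prep.sh' } });
  return root;
}
```

Point `auditNodeModules` at a project's own `node_modules` directory to review which dependencies run code at install time. Installing with `npm install --ignore-scripts` keeps these hooks from running.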
