NPM supply-chain attack impacts hundreds of websites and apps

Sergiu Gatlan reports:

An NPM supply-chain attack dating back to December 2021 used dozens of malicious NPM modules containing obfuscated JavaScript code to compromise hundreds of downstream desktop apps and websites.

As researchers at supply chain security firm ReversingLabs discovered, the threat actors behind this campaign (known as IconBurst) used typosquatting to infect developers looking for very popular packages, such as umbrellajs and NPM modules.

Read more at BleepingComputer.

About the author: Dissent
