Malicious Python Packages with Self-spreading Capabilities Caught Stealing Browser Credentials, Discord Tokens, and System Information. The malicious package is able to steal the user’s password from their Chrome browser, along with Discord tokens and system information, and exfiltrate this data
A new attempt to compromise a popular NPM package had occurred in the past few hours. The popular COA (Command-Option-Argument) package is a parser for command line options with around 9 million weekly downloads, and a long list of dependent
A few days ago, CISA published an alert regarding malicious code discovered in an NPM package with close to 8 million weekly downloads, ”ua-parser-js”. A few days before, security researchers from Sonatype published a blog post reporting 3 malicious NPM package. A few connecting lines between these two incidents seems to suggest they are related. Looking
©2021 Checkmarx Ltd. All Rights Reserved. iISO/IEC 27001:2013 Certified
