Socket Security has spotted 10 malicious npm packages.

Navigazione
- Categorie
- Recenti
- Mondo
- Ultime miste
- Tag
- Popolare
- Utenti
- Gruppi
- Preferiti
Account
- Registrati
- Accedi

Navigazione
- Categorie
- Recenti
- Mondo
- Ultime miste
- Tag
- Popolare
- Utenti
- Gruppi
- Preferiti
Account
- Registrati
- Accedi

Your browser does not seem to support JavaScript. As a result, your viewing experience will be diminished, and you have been placed in read-only mode.

Please download a browser that supports JavaScript, or enable it if it's disabled (i.e. NoScript).

Socket Security has spotted 10 malicious npm packages.

Pianificato Fissato Bloccato Spostato
Senza categoria

1 1 0

C
124

0

C

campuscodi@mastodon.social

Socket Security has spotted 10 malicious npm packages.
The thing that stands out about them is the use of a CAPTCHA challenge in the npm CLI as they're being installed, most likely as a fake-out to convince victims they're installing a legitimate and actively maintained package.

10 npm Typosquatted Packages Deploy Multi-Stage Credential H...

Socket researchers found 10 typosquatted npm packages that auto-run on install, show fake CAPTCHAs, fingerprint by IP, and deploy a credential stealer...

Socket (socket.dev)
0
C cybersecurity@poliverso.org ha condiviso questa discussione