Ongoing typosquatting campaign impersonates hundreds of popular npm packages

5 November 2024

An ongoing typosquatting campaign is targeting developers via hundreds of popular JavaScript libraries, whose weekly downloads number in the tens of millions, to infect systems with info-stealing and snooping malware. The npm supply chain attack appears to have originated in October, and we’ve seen three different security shops sound the alarm on this novel typosquatting effort that uses Ethereum smart contracts for command-and-control (C2) operations.

Source: The Register

Date:

5 November 2024

Categorie(s):

NEWS

Tag(s):

IT, News

Canada Arrests Suspected Hacker Linked to Snowflake Data Breaches5 November 2024
Amazon Inspector suppression rules best practices for AWS Organizations5 November 2024
Building Cybersecurity Resilience: Strategies, Technologies, and Best Practices from Industry Leaders5 November 2024
Criminals open DocuSign’s Envelope API to make BEC special delivery5 November 2024
Link Index for Customer Identity and Access Management5 November 2024