NPM Supply Chain Attack Detected: Malicious Version of Popular Package Released

--・Cuenta oficial de Binance verificada

Resumen de IA

A malicious release of the popular @ctrl/tinycolor package poses significant risks to users' sensitive data. Vigilance in monitoring and updating software is essential to mitigate potential threats.

According to PANews, a new attack targeting the NPM supply chain has been detected by Scam Sniffer. The package @ctrl/tinycolor, which has a weekly download rate of 2.2 million, released a malicious version. This version executes an information-stealing program during the post-installation script of npm, aiming to scan and steal sensitive data. The malicious payload exploits the legitimate sensitive information scanning tool, TruffleHog. Users are advised to check if they have downloaded the affected version, halt installation or update operations, and lock the version to a known safe one.

Aviso legal: Se incluyen opiniones de terceros. Esto no representa una asesoría financiera. Puede haber contenido patrocinado. Lee los TyC.

Noticias relacionadas

Security Flaw on Base Chain Leads to $90,000 Loss

Sei's Kame Aggregator Experiences Hack, Partial Funds Recovered

Hackers Exploit Microsoft Teams to Target Cryptocurrency Users

NPM Supply Chain Attack Detected: Malicious Version of Popular Package Released

Lo más reciente