Popular NPM Package Hijacked to Publish Crypto-mining Malware

The U.S. Cybersecurity and Infrastructure Security Agency on Friday warned of crypto-mining malware embedded in “UAParser.js,” a popular JavaScript NPM library with over 6 million weekly downloads, days after the NPM repository moved to remove three rogue packages that were found to mimic the same library.
<!–adsense–>
The supply-chain attack targeting the open-source library saw threeThe U.S. Cybersecurity and Infrastructure Security Agency on Friday warned of crypto-mining malware embedded in “UAParser.js,” a popular JavaScript NPM library with over 6 million weekly downloads, days after the NPM repository moved to remove three rogue packages that were found to mimic the same library.
<!–adsense–>
The supply-chain attack targeting the open-source library saw threeRead More

Leave a Reply

Your email address will not be published. Required fields are marked *