Researchers uncovered a malicious NPM package that steals a Google Chrome password by abusing the legitimate password recovery tool. NPM is the largest package manager for Node Javascript that contains nearly 1.5 million packages with more than 20 million package downloads for every month.

Read full article on GBHackers