Researchers Uncover Malicious NPM Packages Stealing Data from Apps and Web Forms

5 July 2022

A widespread software supply chain attack has targeted the NPM package manager at least since December 2021 with rogue modules designed to steal data entered in forms by users on websites that include them. The coordinated attack, dubbed IconBurst by ReversingLabs, involves no fewer than two dozen NPM packages that include obfuscated JavaScript, which comes with malicious code to harvest sensitive data from forms embedded downstream mobile applications and websites.

Read full article on The Hacker News

Date:

5 July 2022

Categorie(s):

NEWS

Tag(s):

Apps, Data, Malicious, Mobile, Packages

US Takes Down Illegal Cryptocurrency Mixing Service Samourai Wallet25 April 2024
Ring agrees to pay $5.6 million after cameras were used to spy on customers25 April 2024
NDR in the Modern Cybersecurity Landscape25 April 2024
Russia, Iran pose most aggressive threat to 2024 elections, say infoseccers25 April 2024
NIST’s role in the global tech race against AI25 April 2024