Posted by righttoprivacy in Tech

QUOTE: "Nearly three dozen counterfeit packages have been discovered in the npm package repository that are designed to exfiltrate sensitive data from developer systems, according to findings from Fortinet FortiGuard Labs.

One set of packages – named expue/webpack, expue/core, expue/vue3-renderer, fixedwidthtable/fixedwidthtable, virtualsearchtable/virtualsearchtable – harbored an obfuscated JavaScript file that's capable of gathering valuable secrets.

Collection includes Kubernetes configurations, SSH keys, and system metadata such as username, IP address, and hostname."

Eh, sounds serious.




