#credential-stealing

[ follow ]
#supply-chain-attacks #npm-malware #infostealers #ddos-botnets #npm #worm #software-supply-chain
Information security
fromtheregister
6 hours ago

Shai-Hulud copycat worm infects yet another npm package

A Shai-Hulud credential-stealing worm clone appeared in a malicious npm package, alongside three other infostealer packages from the same npm user.
fromInfoWorld
5 months ago

New Shai-Hulud worm spreading through npm, GitHub

A new version of the Shai-Hulud credentials-stealing self-propagating worm is expanding through the open npm registry, a threat that developers who download packages from the repository have to deal with immediately. Researchers at Wiz Inc. said Monday that in the early stages of the campaign late last week,a thousand new GitHub repositories containing harvested victim data were being added every 30 minutes. And researchers at JFrog identified 181 compromised packages.
Information security
[ Load more ]