Malicious npm Packages Aim to Target Developers for Source Code Theft

A sign of how risks continually lurk in open-source repositories is the use of malicious npm packages to target developers with the intention of stealing source code and configuration files from victim PCs. Checkmarx, a software supply chain security company, stated in a study provided with The Hacker News that “the threat actor behind this campaign has been linked to malicious activity dating back to 2021.”

They have continued to publish harmful software ever since. The most recent report is a continuation of the same effort, which was exposed by Phylum at the beginning of the month, in which several npm modules were designed to exfiltrate important data to a remote server.

Malicious npm Packages Aim to Target Developers for Source Code Theft

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address

Malicious npm Packages Aim to Target Developers for Source Code Theft

30-Aug-23

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address