Thousands Download Malicious npm Libraries Impersonating Legitimate Tools

Thousands Download Malicious npm Libraries Impersonating Legitimate Tools










Threat actors have been observed uploading malicious typosquats of legitimate npm packages such as typescript-eslint and @types/node that have racked up thousands of downloads on the package registry.
The counterfeit versions, named @typescript_eslinter/eslint and types-node, are engineered to download a trojan and retrieve second-stage payloads, respectively.
“While typosquatting attacks are










Go to TheHackersNews





Posted

in

by