The Hacker News
1 year, 7 months ago
XMLRPC npm Library Turns Malicious, Steals Data, Deploys Crypto Miner
Cybersecurity researchers have discovered a software supply chain attack that has remained active for over a year on the npm package registry by starting off as an innocuous library and later adding malicious code to steal sensitive data and mine cryptocurrency on infected systems