NPM package steals Chrome passwords on Windows via recovery tool
2021-07-21 13:00

Today, researchers at ReversingLabs have disclosed their findings on two malicious npm packages that secretly steal passwords from your Chrome web browser.

"We have contacted NPM to take the package down. We are still waiting on their security team to respond," ReversingLabs' chief software architect and co-founder, Tomislav Pericin, told BleepingComputer in an email interview.

Interestingly, as soon as the package is installed by the developer, it attempts to gain persistence on the Windows machine by abusing the well-known npm configuration option, "bin".

The "bin" option in the package's manifest file, package.
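
A defensive check on the "bin" manifest option mentioned above, as an added example that is not from ReversingLabs or the original article: it normalizes both forms of "bin" that npm accepts, then flags command names claimed by more than one package and targets that point outside the package directory. The manifests, package names and the choice of these two heuristics are assumptions made for illustration.

```javascript
// Added example: audit the "bin" field of package.json manifests.
// All package names and manifest contents below are constructed samples.

// npm accepts "bin" as a string (command = package name without its scope)
// or as an object mapping command names to script paths.
function binEntries(manifest) {
  const bin = manifest.bin;
  if (!bin) return [];
  if (typeof bin === 'string') {
    const cmd = manifest.name.split('/').pop();
    return [{ pkg: manifest.name, cmd, target: bin }];
  }
  return Object.entries(bin).map(([cmd, target]) => ({ pkg: manifest.name, cmd, target }));
}

// Heuristics (assumptions, not rules from the article):
//  - "collision": the same command name is declared by several packages
//  - "outside-package": the target is absolute or climbs out with ".."
function auditBins(manifests) {
  const entries = manifests.flatMap(binEntries);
  const owners = new Map();
  for (const e of entries) {
    if (!owners.has(e.cmd)) owners.set(e.cmd, new Set());
    owners.get(e.cmd).add(e.pkg);
  }
  const findings = [];
  for (const [cmd, pkgs] of owners) {
    if (pkgs.size > 1) findings.push({ type: 'collision', cmd, pkgs: [...pkgs].sort() });
  }
  for (const e of entries) {
    const parts = String(e.target).split(/[\\/]/);
    if (parts.includes('..') || /^([\\/]|[A-Za-z]:)/.test(e.target)) {
      findings.push({ type: 'outside-package', cmd: e.cmd, pkgs: [e.pkg] });
    }
  }
  return findings;
}

// Constructed manifests, as they would be parsed from node_modules/*/package.json.
const sampleManifests = [
  { name: 'example-linter', bin: { lint: 'cli.js' } },
  { name: '@example/tool', bin: './bin/tool.js' },
  { name: 'example-helper', bin: { lint: 'run.js', helper: '../../outside.js' } },
  { name: 'example-lib' },
];

console.log(JSON.stringify(auditBins(sampleManifests), null, 2));
```

A finding is a prompt to read the package's manifest and the script it points at before trusting it, not proof of malice.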

As for temptesttempfile, the package is minimal, with just two files, and implements only the remote shell functionality of a Node.js net server, making it seem like a test package, as the name suggests.

"Fun fact related to versions that contain the password recovery tool is that the package author accidentally published their own, stored login credentials."


News URL

https://www.bleepingcomputer.com/news/security/npm-package-steals-chrome-passwords-on-windows-via-recovery-tool/