Thousands Download Malicious npm Libraries Impersonating Legitimate Tools

2024-12-19 13:56

Threat actors have been observed uploading malicious typosquats of legitimate npm packages such as typescript-eslint and @types/node that have racked up thousands of downloads on the package registry. The counterfeit versions, named @typescript_eslinter/eslint and types-node, are engineered to download a trojan and retrieve second-stage payloads, respectively. "While typosquatting attacks are

News URL

https://thehackernews.com/2024/12/thousands-download-malicious-npm.html

#libraries #NPM #tools