image credit: Pixabay

Supply Chain Attack Deploys Hundreds of Malicious NPM Modules to Steal Data

A routine scan of the NPM open source code repository in April turned up several packages using a JavaScript obfuscator to hide their true function.

After further investigation, analysts with ReversingLabs reported they have uncovered a campaign dating back at least six months that used more than two dozen malicious NPM modules to steal data from sites and applications. All together, the team found that 27,000 instances of the malicious NPM packages had been downloaded.

Read More on Dark Reading