The library’s malicious behavior was discovered by researchers at Sonatype, a company that studies public package repositories as part of its DevSecOps services.
Analysts say the library was first published to npm last Friday and was noticed the same day; two days later it was removed from the registry and blacklisted. Unfortunately, in those few days the malicious package was downloaded more than 370 times.
It should be noted that this is not the first time in recent months that a malicious package has been removed from npm. In September 2020, a package was discovered that stole files from Discord and from browsers, and in October 2020 the same Sonatype specialists identified four packages at once that collected data about user machines, such as IP addresses, computer username, home directory path, processor model, and country and city information, and sent it to their creators.