Researchers at FortiGuard Labs uncovered nine sets of malicious NPM packages designed to steal sensitive data, including system information, user credentials, and source code.
This article is garbage IMO. It’s no surprise that malware exists on NPM (since uploaded code is not security-reviewed), and that different types of malware present different types of threats.
The actual interesting part is the names of the packages, which are somewhat clever IMO as they seem harmless and legitimate, but this trash summary article decided to strip out the package names.
Here is the original article which does have the package names: https://www.fortinet.com/blog/threat-research/malicious-packages-hiddin-in-npm
Why the heck would they strip out the package names?! That’s like the bare minimum piece of information an article about something like this should contain.