Encrypted npm Packages Found Targeting Major Financial Institution
blog.phylum.io
Determining the intent behind a package publication is notoriously difficult. Is it a legitimate threat actor or a security researcher? We can rarely make this determination, so Phylum generally errs on the side of caution and annotates packages that exhibit characteristics congruent with malware-like behavior. Today is not such an