Sign Up
Already have an account?Log In
By clicking "Sign Up" you agree to our terms of service and privacy policy
- Username should be more than 3 characters.
- Username cannot start with numeric character.
- Username characters must be from {a-z,0-9}, special characters are not allowed.
- Make sure the Email is working to receive verification code & password reset link.
- Password should be more than 6 characters.
Forgot Password
Over 70 Malicious NPM and VS Code Extensions Stripping Data & Crypto Theft
Recently, security researchers uncovered more than 70 malicious packages within the NPM registry and associated VS Code extensions, designed to steal sensitive data and cryptocurrencies. These malicious packages, published across three different accounts, include install-time scripts triggered during package installation, which harvest hostnames, IP addresses, DNS servers, and user directories. The collected data is then exfiltrated to a Discord-controlled endpoint, posing significant security risks for developers and end-users alike. The threat underscores the importance of vigilant package management and security practices in open-source ecosystems, especially given the widespread use of NPM and VS Code extensions. This incident highlights ongoing vulnerabilities in software supply chains that cybercriminals exploit to compromise data integrity and financial assets.
Share
Copied