Somebody Tried to Hide a Backdoor in a Popular JavaScript npm Package

Catalin Cimpanu, reporting for BleepingComputer: The Node Package Manager (npm) team avoided a disaster today when it discovered and blocked the distribution of a cleverly hidden backdoor mechanism inside a popular — albeit deprecated — JavaScript package. The actual backdoor mechanism was found in “getcookies,” a relatively newly created npm package (JavaScript library) for working with browser cookies. The npm team — which analyzed this package earlier today after reports from the npm community — says “getcookies” contains a complex system for receiving commands from a remote attacker, who could target any JavaScript app that had incorporated this library.



Original URL: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/qQXxXcEUbMg/somebody-tried-to-hide-a-backdoor-in-a-popular-javascript-npm-package
