Somebody Tried to Hide a Backdoor in a Popular JavaScript npm Package

Catalin Cimpanu, reporting for BleepingComputer: The Node Package Manager (npm) team avoided a disaster today when it discovered and blocked the distribution of a cleverly hidden backdoor mechanism inside a popular — albeit deprecated — JavaScript package. The actual backdoor mechanism was found in “getcookies,” a relatively newly created npm package (JavaScript library) for working with browser cookies. The npm team — which analyzed this package earlier today after reports from the npm community — says “getcookies” contains a complex system for receiving commands from a remote attacker, who could target any JavaScript app that had incorporated this library.

Read more of this story at Slashdot.

Original URL:

Original article

Comments are closed.

Proudly powered by WordPress | Theme: Baskerville 2 by Anders Noren.

Up ↑

%d bloggers like this: