Popular nmp package hijacked, modified to deliver cryptominers
Several versions of the npm package for UA-parser.js, a widely used JavaScript library, have been modified to include malicious code and have been made available for download. The malicious versions check whether the device on which they have been installed runs Windows or Linux and, depending on the result, install a XMRig Monero cryptominer. Windows victims can also get saddled with a trojan that will try to steal cookies from Chrome and passwords for various … More
The post Popular nmp package hijacked, modified to deliver cryptominers appeared first on Help Net Security.
