Over 70 Malicious npm and VS Code Packages Found Stealing Data and Crypto

Over 70 Malicious npm and VS Code Packages Found Stealing Data and Crypto

/in

As many as 60 malicious npm packages have been discovered in the package registry with malicious functionality to harvest hostnames, IP addresses, DNS servers, and user directories to a Discord-controlled endpoint.
The packages, published under three different accounts, come with an install‑time script that’s triggered during npm install, Socket security researcher Kirill Boychenko said in a

The Hacker News – ​Read More

Vote for the sessions you want to see at TechCrunch Disrupt 2025Chinese Hackers Exploit Cityworks 0-Day to Hit US Local Governments