In an alarming new development, cybersecurity experts at Fortinet FortiGuard Labs unearthed nearly three dozen bogus npm packages intended to extract sensitive data from unsuspecting developers’ systems. For those unacquainted with ‘npm’, it stands for Node Package Manager, the tool and registry that lets developers pull third-party JavaScript code into their applications faster than you can say, “Hey Google, play K-pop”.
Among the discoveries were dastardly packages with names that are about as innocent as a trojan horse at a firewall party. These included @expue/webpack, @expue/core, @expue/vue3-renderer, @fixedwidthtable/fixedwidthtable, and @virtualsearchtable/virtualsearchtable. All harbor obfuscated code, as difficult to unravel as my attempt at untangling Christmas lights in January.
While this is a serious cause for concern and is nothing to chuckle at, let’s take a moment to appreciate the cyber vigilantes at Fortinet FortiGuard Labs. It’s thanks to them that developers around the world can sleep a bit more soundly at night, knowing their data is safer. Nonetheless, this incident reminds us all in the tech community to remain vigilant, check your packages, and always be skeptical of anything that looks too good to be true. After all, even roses have thorns and every cloud service has a potential data leak.
In a nutshell, Fortinet FortiGuard Labs has discovered 36 counterfeit packages within the npm package repository. These packages, which contain obfuscated scripts, are specifically engineered to extract sensitive information from developers’ systems. Developers are encouraged to remain alert and assess the packages they install carefully. Remember, even in our tech-filled wonderland, malicious intent can reside where you least expect it. Just like discovering that the ‘ice-cream’ you grabbed from the freezer turns out to be frozen fish sticks.
Original Article: https://thehackernews.com/2023/10/over-3-dozen-data-stealing-malicious.html