by tomabai
494 days ago
We discover a fake VS Code extension that serves a multi-stage malware on npm, Inc. The package uses JavaScript obfuscation for downloading the first stage of the malware, then it uses a heavily obfuscated batch file to continue into the second phase. Lastly, it leverages a preconfigured ScreenConnect remote desktop installer to communicate with the compromised machine.