by ForOldHack
4 days ago
It does not just sound insane, it is insane... "He reverse-engineered an actual attack.
The project contained scripts that enabled code injection and crypto-wallet theft.
His post (highly recommended):" https://www.linkedin.com/pulse/como-identifiquei-um-golpe-em... "The execp package (version 0.0.1) is an infamous, malicious dependency frequently used in recent supply-chain attacks and job interview scams. Threat actors embed this 9-year-old package into seemingly innocent "technical assessments" or projects. When you run npm install, it quietly executes arbitrary shell commands in the background to compromise your machine."