Get a Pentest and security assessment of your IT network.

Cyber Security

npm Pulls Malicious Package that Stole Login Passwords

Package ‘bb-builder’ stole login information from computers it was installed on. It deployed an executable for Windows operating system that sent sensitive information to a remote server. Package was added to the Node.js repository after compromising the account owner’s credentials. The password recovery tool is used to recover website login information stored by Internet Explorer, Mozilla Firefox, Google Chrome, Safari, and Opera browsers. It stayed undiscovered for a year, according to a researcher at ReversingLabs, a company that provides automated static analysis.

Source: https://www.bleepingcomputer.com/news/security/npm-pulls-malicious-package-that-stole-login-passwords/

Related posts
Cyber Security

Zip Codes & PII: Are They Personal Data?

Cyber Security

Zero-Day Vulnerabilities: User Defence Guide

Cyber Security

Zero Knowledge Voting with Trusted Server

Cyber Security

ZeroNet: 51% Attack Risks & Mitigation