Hijacked npm and Go Packages Use VS Code Tasks to Deploy Python Infostealer

Cybersecurity researchers have uncovered two hijacked npm packages and a cluster of Go packages that are designed to deploy a Python-based information stealer on compromised Windows, Linux, and macOS hosts.

“This attack avoids the most common npm execution paths through lifecycle scripts, perhaps in an attempt to remain ‘compatible’ with npm v12’s security hardenings,” JFrog said in a

Source: The Hacker News

Tags:

Leave a Reply

Your email address will not be published. Required fields are marked *

Explore More

Over 400 Arch Linux AUR Packages Hijacked to Deploy Infostealer and eBPF Rootkit

Over 400 Arch Linux AUR Packages Hijacked to Deploy Infostealer and eBPF Rootkit Read on The Hacker News Source: The Hacker News

Read More

All train services in Germany halted after train radio communications disruption

All train services in Germany halted after train radio communications disruption Source: Hacker News

Read More

Attack Update: Top 5 Attack-IPs auf doode.info – 19.06.2026

Watchtower Attack Update. Hier die aktuellen Top 5 Attack-IPs, die auf doode.info klopfen. 85.215.205.132 — 1027 requests (recent log) 213.209.159.175 — 263 requests (recent log) 89.167.35.212 — 226 requests (recent

Read More