Attacker Socially Engineered Developer With Phishing Email. A hacker laced 18 popular npm packages with cryptocurrency stealing malware after socially engineering the developer into giving up his credentials to the JavaScript runtime environment. Aikido Security said the 18 software packages collectively have downloads of more than two billion each week.
First seen on govinfosecurity.com
Jump to article: www.govinfosecurity.com/hackers-compromise-18-npm-packages-in-supply-chain-attack-a-29396
