[x3d-public] NPM has malware?
John Carlson
yottzumm at gmail.com
Thu Jul 22 03:08:35 PDT 2021
Apparently, there's some kind of malware in the NPM (node.js package
manager) repository? Some AI reported a lot of malware. I don't see
much in depth analysis. Some of the malware appears to steal your
browser passwords? I see "HackTool:Win32/ChromePass"
If you want more "detail," I'll send what I have. My info comes from
subscribing to a website. Please let me know what you hear from other
sources, since I want to confirm this before I move away from npm packages.
I would at a minimum, run your antivirus against your node_modules folders.
I feel that it's important for people to know who have downloaded my
software.
My guess is they'll mark the packages as having malware, and people who
ran the malware will need to update their passwords.
John
More information about the x3d-public
mailing list