@stacklokhq : Attackers continue to abuse open source ecosystems as a vector to deliver malware. In this incident, at least 4 trojanized npm packages silently collected and exfiltrated users' cryptocurrency wallet secrets upon installation. Read @50xpoppaea's analysis of this attack here: • TwiCopy

Stacklok

@stacklokhq

+ Follow

Makers of open source and free-to-use tools for AI-curious developers. Find our most recent project here: codegate.ai

ID: 1649442398445903873

linkhttps://stacklok.com calendar_today21-04-2023 15:58:36

406 Tweet

495 Followers

75 Following

Stacklok

@stacklokhq

a year ago

Attackers continue to abuse open source ecosystems as a vector to deliver malware. In this incident, at least 4 trojanized npm packages silently collected and exfiltrated users' cryptocurrency wallet secrets upon installation. Read Poppaea's analysis of this attack here:

thumb_up_off_alt6

chat_bubble_outline0

repeat4

shareShare