Over 70 Malicious npm and VS Code Packages Found Stealing Data and Crypto,
As many as 60 malicious npm packages have been discovered in the package registry with malicious functionality to harvest hostnames, IP addresses, DNS servers, and user directories to a Discord-controlled endpoint.
The packages, published under three different accounts, come with an install‑time script that’s triggered during npm install, Socket security researcher Kirill Boychenko said in a
The packages, published under three different accounts, come with an install‑time script that’s triggered during npm install, Socket security researcher Kirill Boychenko said in a
,
As many as 60 malicious npm packages have been discovered in the package registry with malicious functionality to harvest hostnames, IP addresses, DNS servers, and user directories to a Discord-controlled endpoint.
The packages, published under three different accounts, come with an install‑time script that’s triggered during npm install, Socket security researcher Kirill Boychenko said in a
The packages, published under three different accounts, come with an install‑time script that’s triggered during npm install, Socket security researcher Kirill Boychenko said in a
, ,
https://thehackernews.com/2025/05/over-70-malicious-npm-and-vs-code.html