[tomek@vz]

Citiraj:

Cybersecurity researchers have uncovered three malicious packages in the npm registry that masquerade as a popular Telegram bot library but harbor SSH backdoors and data exfiltration capabilities.
The packages in question are listed below -

• node-telegram-utils (132 downloads)
• node-telegram-bots-api (82 downloads)
• node-telegram-util (73 downloads)

According to supply chain security firm Socket, the packages are designed to mimic node-telegram-bot-api, a popular Node.js Telegram Bot API with over 100,000 weekly downloads. The three libraries are still available for download.

> HackerNews