Citiraj:
Cybersecurity researchers have uncovered three malicious packages in the npm registry that masquerade as a popular Telegram bot library but harbor SSH backdoors and data exfiltration capabilities.
The packages in question are listed below -
According to supply chain security firm Socket, the packages are designed to mimic node-telegram-bot-api, a popular Node.js Telegram Bot API with over 100,000 weekly downloads. The three libraries are still available for download.
|
> HackerNews
__________________
Lenovo LOQ 15AHP9 83DX || AMD Ryzen 5 8645HS / 16GB DDR5 / Micron M.2 2242 1TB / nVidia Geforce RTX 4050 / Windows 11 Pro
Lenovo Thinkpad L15 Gen 1 || Intel Core i5 10210U / 16GB DDR4 / WD SN730 256GB / Intel UHD / Fedora Workstation 42
|