Citiraj:
Cybersecurity researchers have uncovered three malicious packages in the npm registry that masquerade as a popular Telegram bot library but harbor SSH backdoors and data exfiltration capabilities.
The packages in question are listed below -
According to supply chain security firm Socket, the packages are designed to mimic node-telegram-bot-api, a popular Node.js Telegram Bot API with over 100,000 weekly downloads. The three libraries are still available for download.
|
> HackerNews
__________________
Lenovo LOQ || AMD Ryzen 5 8645HS / 16 GB DDR5 / 1TB Micron M.2 2242 / 1TB Sandisk Extreme nvme M.2 / nVidia Geforce RTX 4050 / Windows 11 Pro
Lenovo Thinkpad T540p || Intel Core i7-4700MQ / 16GB DDR3 / 240GB Sandisk Plus / nVidia Geforce GT 730 / FreeBSD 14.3
|