Cybersecurity researchers recently discovered attackers distributing dozens of malicious libraries impersonating jQuery on code repositories like npm, GitHub, and jsDelivr. The malware was hidden in jQuery's 'end' function, which is used by the 'fadeTo' function, and the attack affected 68 packages published in a few weeks.
Unlike previous automated attacks, this campaign involved manual effort: the packages varied from one another, as did their publication dates. Major repositories like PyPI, GitHub, and npm have been targeted, prompting precautions such as PyPI suspending new account and project creation to stem the uploading of malicious packages.
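A defender-side check for the tampering described above, as an added example that is not part of the original report: it extracts the 'end' method from a copy of jQuery and compares it with the upstream body, `return this.prevObject || this.constructor();`. The function names and the sample snippets are constructed for illustration, and the brace matcher is simple by design, so a body it cannot parse is reported as modified.

```javascript
// Upstream body of jQuery.fn.end with all whitespace removed.
const CANONICAL_END = "returnthis.prevObject||this.constructor();";

// Return the text between the braces of the first `end: function () { ... }`
// definition, or null if the source defines none. Braces inside strings or
// comments are not handled; an unbalanced body runs to end of file and
// therefore never matches the canonical text.
function extractEndBody(source) {
  const m = /\bend\s*:\s*function\s*\(\s*\)\s*\{/.exec(source);
  if (!m) return null;
  const start = m.index + m[0].length;
  let depth = 1;
  let i = start;
  for (; i < source.length && depth > 0; i++) {
    if (source[i] === "{") depth++;
    else if (source[i] === "}") depth--;
  }
  return source.slice(start, depth === 0 ? i - 1 : source.length);
}

// Classify a jQuery copy as "clean", "modified" or "not-found".
function checkEnd(source) {
  const body = extractEndBody(source);
  if (body === null) return "not-found";
  let norm = body.replace(/\s+/g, "");
  if (!norm.endsWith(";")) norm += ";"; // minifiers drop the final semicolon
  return norm === CANONICAL_END ? "clean" : "modified";
}

// Convenience wrapper for a file on disk (path supplied by the caller).
function checkFile(path) {
  return checkEnd(require("fs").readFileSync(path, "utf8"));
}

// Constructed samples, not taken from any real package.
const CLEAN_SAMPLE = `jQuery.fn = jQuery.prototype = {
  end: function() {
    return this.prevObject || this.constructor();
  }
};`;
const MINIFIED_SAMPLE =
  "end:function(){return this.prevObject||this.constructor()},push:s";
const TAMPERED_SAMPLE = `jQuery.fn = jQuery.prototype = {
  end: function() {
    placeholderInjectedCall(this); // stand-in for any added statement
    return this.prevObject || this.constructor();
  }
};`;
console.log([CLEAN_SAMPLE, MINIFIED_SAMPLE, TAMPERED_SAMPLE].map(checkEnd));
```

A "modified" result means the method differs from upstream and the file should be reviewed by hand or compared against the official release's published hash.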