#npm-malware

#software-supply-chain
from InfoWorld
3 days ago
Information security

Contagious Interview attackers go 'full stack' to fool you

Attackers use GitHub, Vercel, and NPM as a unified pipeline to distribute Trojan NPM packages that steal credentials and provide remote access.
from The Hacker News
2 months ago
Information security

First Malicious MCP Server Found Stealing Emails in Rogue Postmark-MCP Package

Malicious npm package 'postmark-mcp' added a BCC that forwarded every email to phan@giftshop[.]club, exposing thousands of emails and underscoring supply-chain risk.
Information security
from The Hacker News
2 weeks ago

Seven npm Packages Use Adspect Cloaking to Trick Victims Into Crypto Scam Pages

Seven npm packages used the Adspect cloaking service to fingerprint visitors and selectively redirect real victims to malicious crypto-themed sites while evading security researchers.
Information security
from The Register
2 months ago

Fake Postmark MCP npm package stole emails with one-liner

A malicious npm package impersonating Postmark's MCP secretly BCC'd outgoing emails to an attacker, likely exfiltrating thousands of sensitive messages daily.
Information security
from IT Pro
2 months ago

A malicious MCP server is silently stealing user emails

A malicious MCP server repackaged as Postmark on npm exfiltrated thousands of emails by adding a BCC line, exploiting full assistant privileges and bypassing security controls.
Information security
from The Hacker News
2 months ago

Malicious npm Packages Impersonate Flashbots, Steal Ethereum Wallet Keys

Four npm packages impersonating Flashbots exfiltrate Ethereum private keys and mnemonic seeds to a Telegram bot and redirect unsigned transactions to attacker-controlled wallets.