Malicious NPM Package Caught Stealing Users’ Saved Passwords From Browsers

A software package available from the official NPM repository has been revealed to be actually a front for a tool that’s designed to steal saved passwords from the Chrome web browser.
The package in question, named « nodejs_net_server » and downloaded over 1,283 times since February 2019, was last updated seven months ago (version 1.1.2), with its corresponding repository leading to non-existent
Source de l’article sur The Hacker News