8 Malicious NPM Packages Stole Chrome User Data on Windows

JFrog researchers found eight malicious NPM packages using 70 layers of obfuscation to steal data from Chrome browser users on Windows. The attack highlights a growing threat to developers.

Cybersecurity researchers from JFrog Security Research have discovered eight malicious NPM packages. These packages are designed to attack Windows users on the Google Chrome browser and steal personal data.

These packages are a clear example of what is known as a supply chain attack, a growing risk in the software industry. This kind of attack happens when malicious code is secretly injected into a legitimate part of the software development process, like an open-source library, which is then used by many different developers. This allows the hackers to reach a huge number of people without directly hacking each one individually.

According to JFrog’s blog post, attackers hid their malicious ...