The malware is hidden in four malicious npm modules: small-sm, pern-valids, lifeculer, and proc-title. They were dressed up to look like useful, innocent libraries, which developers then pull into their applications and execute.
Software supply chains have long been targets of attackers, particularly those targeting frameworks like shopping carts or development tooling, according to Tim Mackey, principal security strategist at Synopsys' Cybersecurity Research Center.
The detection of LofyLife comes as GitHub makes a few changes to npm. These include a streamlined login and publish experience in the npm CLI and the ability to connect GitHub and Twitter accounts to npm. In addition, all npm packages were re-signed, and GitHub added a new npm CLI command for auditing the integrity of the package.
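To check whether a project pulls in any of the four packages named above, directly or transitively, the lockfile can be searched by name. The following is an added example, not code from the article or from npm; the sample lockfiles, the names `shop-frontend`, `form-helper` and `title-util`, and all version numbers are constructed for illustration.

```javascript
// Package names reported in the article above.
const FLAGGED = new Set(["small-sm", "pern-valids", "lifeculer", "proc-title"]);

// Lockfile v2/v3 keys are install paths: take the name after the last
// "node_modules/", so nested (transitive) installs are covered too.
function nameFromPath(key) {
  const marker = "node_modules/";
  const i = key.lastIndexOf(marker);
  return i === -1 ? null : key.slice(i + marker.length);
}

// Takes a parsed package-lock.json object, returns one finding per match.
function findFlagged(lock) {
  const hits = [];
  const check = (name, version, where) => {
    if (name && FLAGGED.has(name)) hits.push({ name, version, where });
  };
  if (lock.packages) {
    // lockfileVersion 2/3: flat map. An aliased install records the real
    // package name in "name", so prefer it over the path.
    for (const [key, meta] of Object.entries(lock.packages)) {
      check(meta.name || nameFromPath(key), meta.version, key);
    }
    return hits;
  }
  // lockfileVersion 1: nested "dependencies" tree, walked recursively.
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      check(name, meta.version, [...trail, name].join(" > "));
      walk(meta.dependencies, [...trail, name]);
    }
  };
  walk(lock.dependencies, []);
  return hits;
}

// Constructed sample lockfiles (hypothetical projects, made-up versions).
const sampleV3 = { lockfileVersion: 3, packages: {
  "": { name: "shop-frontend", version: "1.0.0" },
  "node_modules/form-helper": { version: "0.0.0" },
  "node_modules/form-helper/node_modules/pern-valids": { version: "0.0.0" },
  "node_modules/title-util": { name: "proc-title", version: "0.0.0" },
} };
const sampleV1 = { lockfileVersion: 1, dependencies: {
  "form-helper": { version: "0.0.0",
    dependencies: { lifeculer: { version: "0.0.0" } } },
} };
console.log(findFlagged(sampleV3), findFlagged(sampleV1));
```

To scan a real project, pass the parsed contents of its `package-lock.json` to `findFlagged`. A hit means only that an installed package has one of the reported names.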