Thursday, July 12, 2018

trojan horses ahoy

A while back I wrote up "NPM and New Cities for Trojan Horses", mostly linking to this hypothetical how-to on putting a credit-card-swiping bit of JavaScript in innocent-looking code.

Something along those lines seems to be happening now, in the wild, for eslint-scope, where some code seems to be looking to grab .npmrc files and send them off, via pastebin. YIKES!

