Another attack targeting the NPM supply chain occurs as @ctrl/tinycolor releases a malicious version
ChainCatcher news, Scam Sniffer has detected another attack targeting the NPM supply chain. The malicious version of @ctrl/tinycolor (with a weekly download volume of 2.2 million) was released, which runs an information-stealing program during the npm postinstall script execution to scan and steal sensitive data.
This malicious payload abuses the legitimate sensitive information scanning tool TruffleHog. Please check if you have downloaded the affected version, suspend installation/update operations, and lock the version to a known safe one.
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
Americans are starting to use bitcoin mining equipment to heat their homes during winter
Bit Digital releases Q3 financial report: Ethereum holdings increase to 153,547, staking income reaches $29 million
Trending news
MoreCrypto prices
More
