The Latest in IT Security

Hacker adds malicious bitcoin-stealing code to popular JavaScript library

27
Nov
2018
Hacker adds malicious bitcoin-stealing code to popular JavaScript library

phishing_hacker_binary_keyboard_privacy_security-breach-100765213-large

Tired of maintaining code that was written to be freely distributed, an “unrepentant module giver awayer” (aka developer) handed it over after GitHub dev “right9control” volunteered to take over the popular JavaScript library. The library Event-Stream, written in Node.js, has over 2 million downloads per week. The library, which was listed in NPM’s repository, was then updated with malicious code that contains cryptocurrency-stealing malware.

Put another way, Event-Stream was updated to include Flatmap-Stream as a dependency. The latter was then modified to include the bitcoin-stealing malware.

Everyone using Event-Stream in their projects is urged to make sure they don’t have a tainted version and update to the latest Event-Stream version 4.0.1.

Read More

Leave a reply


Categories

THURSDAY, DECEMBER 13, 2018
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments

Social Networks