Another NPM supply chain attack: a malicious version of @ctrl/tinycolor has been released
ChainCatcher news: Scam Sniffer has detected another attack targeting the NPM supply chain. A malicious version of @ctrl/tinycolor (a package with a weekly download volume of 2.2 million) was released. It runs an information-stealing program when the npm postinstall script executes, scanning for and stealing sensitive data.
The malicious payload abuses TruffleHog, a legitimate tool for scanning for sensitive information. Check whether you have downloaded the affected version, suspend installation and update operations, and lock the package to a known safe version.
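One way to carry out the "check if you have downloaded the affected version" step is to audit the project's lockfile. This is an added example, not code from the article or from Scam Sniffer. The function name `auditLockfile`, the sample lockfile and its version strings are constructed, and `<AFFECTED_VERSION>` is a placeholder because the article lists no version numbers.

```javascript
// Added example, not from the article: audit a parsed package-lock.json
// (lockfileVersion 2 or 3) for every installed copy of one package.
const TARGET = "@ctrl/tinycolor";
// Placeholder: the article lists no version numbers; fill in from the advisory.
const AFFECTED_VERSIONS = new Set(["<AFFECTED_VERSION>"]);

function auditLockfile(lock, affected = AFFECTED_VERSIONS, target = TARGET) {
  const marker = "node_modules/";
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const idx = path.lastIndexOf(marker);
    if (idx === -1) continue; // "" is the root project entry
    // The package name is whatever follows the last "node_modules/".
    if (path.slice(idx + marker.length) !== target) continue;
    findings.push({
      path,
      version: meta.version,
      affected: affected.has(meta.version),
      // npm sets this flag when the package declares install-time scripts.
      hasInstallScript: meta.hasInstallScript === true,
      nested: idx !== 0, // pulled in under another dependency
    });
  }
  return findings;
}

// Constructed sample lockfile; versions are made up for the demonstration.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/@ctrl/tinycolor": { version: "0.0.1-example-safe" },
    "node_modules/ui-kit": { version: "2.0.0" },
    "node_modules/ui-kit/node_modules/@ctrl/tinycolor": {
      version: "0.0.2-example-bad",
      hasInstallScript: true,
    },
  },
};

// For a real project: auditLockfile(JSON.parse(fs.readFileSync("package-lock.json", "utf8")))
const demo = auditLockfile(SAMPLE_LOCK, new Set(["0.0.2-example-bad"]));
console.log(demo.filter((f) => f.affected || f.hasInstallScript));
```

Nested copies matter because a pinned direct dependency does not pin the copy another package brings in. Installing with `npm ci --ignore-scripts` keeps postinstall scripts from running while the lockfile is being reviewed.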
