ByteBrief

Best read upright.

We're a portrait publication through and through. Turn your phone back and your briefing picks up right where you left it.

(We tried widescreen once. It wasn't us.)

ByteBrief

DevThe Hacker Newsabout 3 hours ago

Hijacked npm and Go Packages Deploy Python Infostealer

1 min read

Two hijacked npm packages and a cluster of Go packages deploy a Python infostealer on Windows, Linux, and macOS. The attack hides execution inside a VS Code task named "eslint-check" that runs automatically when the project folder opens. The malware retrieves encrypted JavaScript from blockchain transaction data and launches a socket.io backdoor.

Level

Hype check

Tap to vote and see what everyone thinks.

#npm #go #infostealer

Best read upright.

Hijacked npm and Go Packages Deploy Python Infostealer

More to chew on!

More to chew on!