Watch Out, Devs: Malicious Codes on NPM

Ever heard of sneaky hackers trying to trick you? That’s what’s happening on NPM, a popular site for sharing code. Hackers are uploading hundreds of fake packages, trying to fool developers into downloading malware. These fake packages have names that look like real ones, such as Puppeteer and Bignum. js. But they’re not what they seem! These hackers are clever, hiding their secret servers by using something called an ethereum smart contract. It’s a tricky way to sneak in malware without being obvious.

This isn’t the first time this has happened. Just a few weeks ago, hackers targeted developers using a similar library. Experts from Phylum, a security firm, are warning developers to watch out. They remind us that these supply chain attacks are still happening. So, be careful what you download!

Actions