Malicious NPM Package Caught Stealing Users’ Saved Passwords From Browsers

In The Hacker News - Original news source is thehackernews.com by Blog Writer

Post Sharing
A software package available from the official NPM repository has been revealed to be actually a front for a tool that’s designed to steal saved passwords from the Chrome web browser.
The package in question, named “nodejs_net_server” and downloaded over 1,283 times since February 2019, was last updated seven months ago (version 1.1.2), with its corresponding repository leading to non-existent