Hacker Newsnew | past | comments | ask | show | jobs | submitlogin
Groundhog day: NPM package caught stealing browser passwords (secure.software)
2 points by OMGWTF on July 21, 2021 | hide | past | favorite | 1 comment


> This detection was assigned to an embedded Windows executable file...

I think this should be enough to declare it "malware", no? Why would one put a Windows (or any other) executable into repository for Javascript packages except to be malicious?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: