Skip to main content

Crims poison 150K+ npm packages with token-farming malware

1 month 3 weeks ago
Amazon spilled the TEA

Yet another supply chain attack has hit the npm registry in what Amazon describes as "one of the largest package flooding incidents in open source registry history" - but with a twist. Instead of injecting credential-stealing code or ransomware into the packages, this one is a token farming campaign.…

Jessica Lyons