Malicious npm Packages Published with Valid Signatures
Attackers compromised the art-template npm package to distribute an exploit framework targeting iOS Safari. The exploit is described as Coruna-like. Socket Threat Research provided analysis of the package takeover and device fingerprinting techniques.
Topics
Developing
- 870d Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore.
- 870d Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur.
- 870d Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est.
- 870d Sed ut perspiciatis unde omnis iste natus error sit voluptatem accusantium doloremque laudantium.
Sources · 7 independent
GDELT
“npm Package Art-template Hijacked for iOS Exploit”
Unlock the full story
Get a Pro subscription or above to see the live story progression and the full list of independent sources confirming each event as they happen.
Log in to upgrade