Another attack targeting the NPM supply chain occurs as @ctrl/tinycolor releases a malicious version
ChainCatcher news, Scam Sniffer has detected another attack targeting the NPM supply chain. The malicious version of @ctrl/tinycolor (with a weekly download volume of 2.2 million) was released, which runs an information-stealing program during the npm postinstall script execution to scan and steal sensitive data.
This malicious payload abuses the legitimate sensitive information scanning tool TruffleHog. Please check if you have downloaded the affected version, suspend installation/update operations, and lock the version to a known safe one.
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
Tether suspends bitcoin mining in Uruguay due to rising energy costs, laying off 30 local employees
WLFI: BNB Ecosystem USD1 Zero-Fee Promotion Extended Until December 31
Bitwise BSOL Solana ETF increased its holdings by 93,167 SOL in the past hour
CoinMarketCap launches MACD dashboard, supporting comparison of momentum indicators for multiple cryptocurrencies
Trending news
MoreCrypto prices
More
