New npm Supply Chain Attack Uses undicy-http to Deploy Screen-Streaming RAT and Browser Injector

A malicious npm package named undicy-http has surfaced in the Node.js developer ecosystem, quietly compromising the machines of developers who mistakenly install it. The package impersonates undici, the official HTTP client library bundled with Node.js, which sees millions of weekly downloads. Despite the near-identical name, undicy-http contains no HTTP client functionality. Instead, it launches a two-stage attack capable of stealing […]

The post New npm Supply Chain Attack Uses undicy-http to Deploy Screen-Streaming RAT and Browser Injector appeared first on Cyber Security News.
