A malicious npm package named “tanstack” has been discovered deploying a stealthy data exfiltration campaign, targeting developers through a deceptive naming strategy and a hidden postinstall script. The package, impersonating the well-known TanStack ecosystem, was weaponized to steal sensitive environment files immediately after installation. The attacker registered the unscoped tanstack package name on npm, exploiting confusion with the legitimate @tanstack organization, […]
The post Malicious TanStack Package Abuses Postinstall Script to Steal Developer Secrets appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
This article has been indexed from GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Read the original article: