Cybersecurity researchers have uncovered a sophisticated supply chain attack targeting Koishi chatbot users through a malicious npm package. The package, identified as “koishi-plugin-pinhaofa,” appears innocuous but contains a hidden data exfiltration mechanism that monitors all messages processed by the chatbot. When the malware detects an eight-character hexadecimal string—often representing sensitive data like Git commit hashes, […]
The post Malicious npm Package in Koishi Chatbots Silently Exfiltrate Sensitive Data in Real Time appeared first on Cyber Security News.
This article has been indexed from Cyber Security News