Malicious NPM packages targeting Windows Chrome users with obfuscated code

Researchers at JFrog Security uncovered eight malicious NPM packages designed to compromise Google Chrome users on Windows. Using 70 layers of code obfuscation, these packages evaded detection and silently installed Python to run hidden scripts that stole passwords, credit card info, crypto wallets, and cookies.

Malicious NPM packages targeting Windows Chrome users with obfuscated codeMalicious NPM packages targeting Windows Chrome users with obfuscated code

The packages, linked to two NPM accounts named “ruer” and “npjun,” highlight the growing threat of supply chain attacks exploiting open-source repositories through tactics like typosquatting.

Malicious NPM packages targeting Windows Chrome users with obfuscated codeMalicious NPM packages targeting Windows Chrome users with obfuscated code

JFrog has removed the malicious packages but warns this incident underscores the need for stronger supply chain security and automated scanning to protect developers and users from sophisticated attacks.

NPAV offers a robust solution to combat cyber fraud. Protect yourself with our top-tier security product, Z Plus Security