Security · 1h ago
AsyncAPI npm Packages Hijacked to Spread Botnet Malware
Four compromised npm packages in the @asyncapi namespace were found distributing a multi-stage botnet loader. The affected packages include @asyncapi/generator-helpers, generator-components, generator, and specs. Security firms OX Security, SafeDep, Socket, and StepSecurity reported the findings.
Meridian48 take
The supply chain attack on a widely used API specification tool underscores the persistent vulnerability of open-source ecosystems to credential theft and malicious code injection.
Read the full reporting
Compromised AsyncAPI npm Packages Deliver Multi-Stage Botnet Malware →
The Hacker News
npm-supply-chainbotnet-malware