CyberSecurity News
Hijacked npm and Go Packages Use VS Code Tasks to Deploy Python Infostealer
AI summary
Cybersecurity researchers have discovered hijacked packages in npm and Go that are used to deploy an information stealer written in Python. The affected packages target Windows, Linux, and macOS systems. The attack bypasses typical npm execution methods, potentially to evade security enhancements in npm version 12. This approach allows the attack to remain compatible with the newer version's security hardenings. The information stealer is deployed using VS Code tasks.
This is an AI-generated brief aggregated by HackerFeeds for convenience and grounded in the source’s own summary; the related CVE, threat-group and country data is from HackerFeeds’ own indexes. The original article is the authoritative source — all rights belong to The Hacker News.