Supply Chain Attack Compromises npm Packages with Malicious Dependency
A supply chain attack targeted the @mastra npm organization, distributing a malicious dependency to 144 package versions within a short timeframe. The attack leveraged a typosquatted dependency, 'easy-day-js', to deliver a cross-platform Remote Access Trojan. This malware aimed to steal sensitive data, including LLM API keys, cloud credentials, and cryptocurrency wallet extensions.