A threat actor is actively distributing malicious NPM packages that collect and send detailed system information to a Discord webhook, targeting developers across Windows, Linux, and macOS. This campaign could facilitate future network intrusions and supply chain attacks by exposing internal infrastructure details. #NPM #CyberThreats
Key points
- The threat actor published 60 malicious NPM packages containing a system information stealer script.
- The script collects hostnames, IP addresses, DNS servers, and directory paths, sending data to a Discord webhook.
- All of the malicious packages remain active on NPM, and efforts are underway to have them removed.
- The collected data helps link internal networks to public infrastructure, enabling future attacks.
- Developers are advised to use dependency-scanning tools to detect suspicious package behaviors.
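An added example (not from the article or from any scanning tool it refers to) of the kind of behavior check the last key point recommends: a static heuristic that flags a package whose JavaScript combines a Discord webhook URL with the host-information calls listed above. The install-hook check, the verdict thresholds and both sample packages are assumptions constructed for illustration; the summary does not say how the script is triggered.

```javascript
// Heuristic static scan of an unpacked npm package for the behaviors above.
// Input: an in-memory map { relativePath: fileText }, so it runs offline.
const SIGNALS = [
  { id: 'discord-webhook', re: /https?:\/\/(?:(?:ptb|canary)\.)?discord(?:app)?\.com\/api\/webhooks\/\d+\/[\w-]+/i },
  { id: 'hostname',        re: /\bos\.hostname\s*\(/ },
  { id: 'ip-addresses',    re: /\bos\.networkInterfaces\s*\(/ },
  { id: 'dns-servers',     re: /\bdns\.getServers\s*\(/ },
  { id: 'directory-paths', re: /\b__dirname\b|\bprocess\.cwd\s*\(/ },
];
const RECON = ['hostname', 'ip-addresses', 'dns-servers', 'directory-paths'];
const INSTALL_HOOKS = ['preinstall', 'install', 'postinstall']; // npm lifecycle scripts run at install time

function scanPackage(files) {
  const hits = new Set();
  for (const [path, text] of Object.entries(files)) {
    if (path === 'package.json') {
      let manifest = null;
      try { manifest = JSON.parse(text); } catch { hits.add('unparseable-manifest'); }
      const scripts = (manifest && manifest.scripts) || {};
      if (INSTALL_HOOKS.some((h) => typeof scripts[h] === 'string')) hits.add('install-hook');
    } else if (/\.(?:c|m)?js$/.test(path)) {
      for (const { id, re } of SIGNALS) if (re.test(text)) hits.add(id);
    }
  }
  const recon = RECON.filter((s) => hits.has(s)).length;
  const webhook = hits.has('discord-webhook');
  let verdict = 'clean';
  // Assumed thresholds: an exfiltration endpoint plus two or more host-info reads is the pattern of interest.
  if (webhook && recon >= 2) verdict = 'suspicious';
  else if (webhook || (hits.has('install-hook') && recon >= 1)) verdict = 'review';
  return { verdict, signals: [...hits].sort() };
}

// Constructed samples (not real packages; the webhook URL is a placeholder).
const SAMPLE_FLAGGED = {
  'package.json': JSON.stringify({ name: 'example-pkg', scripts: { postinstall: 'node index.js' } }),
  'index.js': "const os = require('os'); const dns = require('dns');\n" +
    "const info = { host: os.hostname(), dns: dns.getServers() };\n" +
    "const hook = 'https://discord.com/api/webhooks/000000000000000000/PLACEHOLDER';",
};
const SAMPLE_BENIGN = {
  'package.json': JSON.stringify({ name: 'example-lib', scripts: { test: 'node test.js' } }),
  'lib/index.js': "const path = require('path');\nmodule.exports = path.join(__dirname, 'data');",
};
```

Pattern matching like this misses obfuscated or dynamically built strings, so a `clean` verdict only means none of these specific indicators appeared in plain text.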
Read More: https://www.securityweek.com/ongoing-campaign-uses-60-npm-packages-to-steal-data/