Groundhog day: NPM package caught stealing browser passwords

Groundhog day: NPM package caught stealing browser passwords(blog.secure.software)

2 points by OMGWTF 4 years ago | 0 comments

theamk 4 years ago |

> This detection was assigned to an embedded Windows executable file...

I think this should be enough to declare it "malware", no? Why would one put a Windows (or any other) executable into repository for Javascript packages except to be malicious?

theamk 4 years ago |

> This detection was assigned to an embedded Windows executable file...

I think this should be enough to declare it "malware", no? Why would one put a Windows (or any other) executable into repository for Javascript packages except to be malicious?