A malicious package in the Node Package Manager index uses invisible Unicode characters to hide malicious code and Google Calendar links to host the URL for the command-and-control location. […]
Go to Source
Author: Bill Toulas
Security
Malicious npm package using steganography downloaded by hundreds
