CDN Service Exposes Users to Malicious Packages for Phishing Attacks Invisible to Security Tools

Malicious package previously removed are still accessible through jsdelivr and results in phishing attack Highlights: CloudGuard Spectral detected a malicious package on NPM that applied a phishing attack to gain its user’s credentials To do so, the package relied on a file from a malicious package, already detected and removed from NPM, which was still available through a popular NPM CDN service – ‘jsdelivr’ Once detected, we’ve alerted NPM and jsdelivr of the malicious package and the malicious flow NPM and jsdelivr NPM, short for Node Package Manager, is a widely used package manager for the JavaScript programming language, the […]

The post CDN Service Exposes Users to Malicious Packages for Phishing Attacks Invisible to Security Tools appeared first on Check Point Blog.

This article has been indexed from Check Point Blog

Read the original article: