Cybercriminals exploited typosquatting to deploy a malicious npm package, `@typescript_eslinter/eslint`, targeting developers seeking the legitimate TypeScript ESLint plugin, which was designed to mimic the genuine plugin, compromised systems by monitoring keystrokes, clipboard data, and executing remote commands. They leveraged a WebSocket server for real-time control and data exfiltration as the persistence of a secondary malicious […]
The post Malicious ESLint Package Let Attackers Steal Data And Inject Remote Code appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
This article has been indexed from GBHackers Security | #1 Globally Trusted Cyber Security News Platform