
npm Supply Chain Attack Uses Hugging Face For Second-Stage Malware
A sophisticated npm supply chain attack leverages the popular artificial intelligence platform Hugging Face to distribute second-stage malware. The malicious package, known as terminal-logger-utils, acts as a dropper for a highly capable Node.js implant. This malware targets sensitive developer and corporate data, including Telegram sessions, SSH keys, cryptocurrency wallets, and environment variables. It also […]
The post npm Supply Chain Attack Uses Hugging Face For Second-Stage Malware appeared first on Cyber Security News.