NG Solution Team
Technology

How Did a Hacker Infect Popular Software with Malware?

A hacker has successfully infiltrated numerous popular software packages with a crypto-stealing malware after phishing the developer responsible for their maintenance. The malware was detected in 18 software modules, which collectively are downloaded two billion times weekly. These modules are part of “npm packages” essential for JavaScript projects. The developer, Josh Junon, confirmed the breach, attributing it to a phishing email mimicking official communications from npmjs.com. The email urged users to update their two-factor authentication and led to a hacker-controlled domain, compromising Junon’s account. While the breach is deemed the largest supply chain compromise in npm history, the impact may be minimal as the malicious versions were available for a short time and reportedly had no downloads. The malware targets cryptocurrency transactions by redirecting them to the hacker’s accounts. Despite the significance of the compromise, experts believe the attack was amateurish, although there are indications other npm maintainers might have been targeted.

Related posts

How much did Indian startups raise between August 11 and August 16, 2025?

Michael Johnson

Has a zero-day vulnerability in Libraesva ESG been exploited by attackers?

James Smith

How can the Arkansas AI Conference guide businesses in ethical tech use?

Emily Brown

Leave a Comment

This website uses cookies to improve your experience. We assume you agree, but you can opt out if you wish. Accept More Info

Privacy & Cookies Policy