Security researchers at Socket.dev uncovered a sophisticated supply chain attack in late August 2025 that leverages a malicious npm package named nodejs-smtp. The package masquerades as nodemailer, the widely used email library with approximately 3.9 million weekly downloads. At first glance, nodejs-smtp operates identically to its legitimate counterpart, supplying a familiar API and successfully dispatching emails. This […]
The post Malicious npm Package Mimics as Popular Nodemailer with Weekly 3.9 Million Downloads to Hijack Crypto Transactions appeared first on Cyber Security News.