Trojanized jQuery Packages Found on npm, GitHub, and jsDelivr Code Repositories

Unknown threat actors have been found propagating trojanized versions of jQuery on npm, GitHub, and jsDelivr in what appears to be an instance of a “complex and persistent” supply chain attack.
“This attack stands out due to the high variability across packages,” Phylum said in an analysis published last week.
“The attacker has cleverly hidden the malware in the seldom-used ‘end’ function of

This article has been indexed from The Hacker News

Read the original article: