Trojanized jQuery Packages Found on npm, GitHub, and jsDelivr Code Repositories

In an apparent example of a “complex and persistent” supply chain attack, trojanized versions of jQuery have been discovered being spread by unknown threat actors on npm, GitHub, and jsDelivr.

Phylum stated in a report released last week that the substantial variability among packages makes this attack stand out.

Using jQuery’s rarely used ‘end’ function, which is internally invoked by the more widely used ‘fadeTo’ function from its animation utilities, the attacker has deftly concealed the malware.

Up to 68 parcels have been connected to the initiative. From May 26 to June 23, 2024, they were added to the npm registry under a variety of names read more about Trojanized jQuery Packages Found on npm GitHub and jsDelivr Code Repositories.

Get up to date on the latest cybersecurity news and enhance your knowledge of cybersecurity with our thorough coverage of the dangers, breaches, and solutions.

Leave a Reply

Your email address will not be published. Required fields are marked *