Malicious npm and VS Code Packages Exploiting Developers and Stealing Data

May 26, 2025 at 02:17 PM

•

1 min read

Malicious npm and VS Code Packages Exploiting Developers and Stealing Data — Photo: The Hacker News

TL;DR Summary

Researchers have uncovered over 70 malicious npm and VS Code packages used for data theft, cryptomining, and destructive payloads, with threat actors deploying sophisticated techniques including masquerading as legitimate tools, evading sandbox detection, and using multi-stage infection chains to compromise developers' systems and steal sensitive information.

Topics:technology #cryptocurrency #cybersecurity #data-theft #malicious-packages #npm #supply-chain-attack

Share this article

Over 70 Malicious npm and VS Code Packages Found Stealing Data and Crypto The Hacker News
Dozens of malicious packages on NPM collect host and network data BleepingComputer
Destructive malware available in NPM repo went unnoticed for 2 years Ars Technica
Hackers Using Weaponized npm Packages to Attack React, Node.js JavaScript Frameworks CybersecurityNews
New supply chain attack with malicious scripts in npm packages heise online

Reading Insights

Total Reads

Unique Readers

Time Saved

5 min

vs 6 min read

Condensed

96%

1,028 → 46 words

Want the full story? Read the original article

Read on The Hacker News

JavaScript Required

tl;dr daily news requires JavaScript to be enabled. Please enable JavaScript in your browser settings.

Related Sources

Reading Insights