Groundhog day: NPM package caught stealing browser passwords (blog.secure.software) 2 points by OMGWTF 4y ago ↗ HN
[–] theamk 4y ago ↗ > This detection was assigned to an embedded Windows executable file...I think this should be enough to declare it "malware", no? Why would one put a Windows (or any other) executable into repository for Javascript packages except to be malicious?
1 comment
[ 3.9 ms ] story [ 13.9 ms ] threadI think this should be enough to declare it "malware", no? Why would one put a Windows (or any other) executable into repository for Javascript packages except to be malicious?