THREAT OPS › Threat News › Backdoored node-ipc npm releases steal developer credentials through DNS queries
Backdoored node-ipc npm releases steal developer credentials through DNS queries
An analysis of backdoored node-ipc npm releases that add an obfuscated credential collection and DNS exfiltration payload to the CommonJS entrypoint.
MITRE ATT&CK techniques
- CredentialsT1589.001