THREAT OPS › Threat News › Compromised AsyncAPI packages on npm deliver malware
Compromised AsyncAPI packages on npm deliver malware
A commit to the AsyncAPI generator GitHub repository injected obfuscated JavaScript into four npm packages with a combined weekly download volume of over 3 million. Here's what we know and how to check if you're affected.
MITRE ATT&CK techniques
- JavaScriptT1059.007