Poisoned packages: NPM developer reputations could be leveraged to legitimize malicious software

03-May-22

Security researchers have found that open source maintainers' reputations could be leveraged to distribute malicious NPM packages without those maintainers' knowledge or consent.

On April 26, Aqua Security's Team Nautilus published an advisory on the issue, which it said "enabled threat actors to disguise a malicious package as legitimate and fool naïve developers into installing it."