NPM Package Steals Chrome Credentials By Using Legit Password Recovery Tools

ReversingLabs researchers have disclosed their findings on two npm packages that steal passwords from the Google Chrome browser.

The packages are named nodejs_net_server and temptesttempfile. Their main method of stealing the credentials is to use legitimate password recovery tools.

However, the malicious packages are also able to listen for incoming connections from the attacker's C2 server and provide advanced capabilities, such as screen and camera access, directory listing, file lookup, file upload, and shell command execution.


