CISA warns of trojanized versions of JavaScript library’s NPM package


On Friday, the US Cybersecurity and Infrastructure Security Agency (CISA) released a warning to disclose an incident related to the GitHub Advisory Database. According to CISA, a crypto-mining malware was hidden in a popular JavaScript NPM library, UAParser.js.

The library rakes in more than six to eight million downloadsper week and is used in websites and applications to identify browsers and systems used. The NPM platform became a part of Microsoft-owned GitHub in 2020.

Read more…