NPM Package Hides Malware in Steganographic QR Codes
Researchers from Socket Threat Research discovered a malicious npm package named "fezbox" that masqueraded as a JavaScript utility library. The package contained a credential-stealing payload hidden within a steganographic QR code. Upon execution, the payload recovered from the QR code extracted username and password credentials from web cookies and transmitted them to an external server. The attacker, identified by the alias "janedu," employed advanced obfuscation techniques to conceal the malicious code. The package has since been removed from the npm registry, but developers who previously downloaded it may still be at risk.

Source: https://www.darkreading.com/application-security/npm-package-malware-stenographic-qr-codes
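For developers who may have pulled the package in, one way to check a project's lockfile for it, as an added example that is not from Socket's report or the article: the function scans parsed `package-lock.json` data for the name "fezbox", including nested and aliased installs. The sample lockfiles, their other package names and all version strings are constructed, and the function names are illustrative.

```javascript
// Added example (not from the article): find a denylisted package in parsed
// package-lock.json data. Covers lockfileVersion 2/3 ("packages", keyed by
// install path) and lockfileVersion 1 (nested "dependencies").
const DENYLIST = new Set(["fezbox"]); // package name taken from the report

function nameFromPath(path) {
  // "node_modules/a/node_modules/@scope/b" -> "@scope/b"
  const marker = "node_modules/";
  const idx = path.lastIndexOf(marker);
  return idx === -1 ? path : path.slice(idx + marker.length);
}

function findDenylisted(lock, denylist = DENYLIST) {
  const hits = [];
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path === "") continue; // root project entry
      // An aliased install keeps the real package name in meta.name.
      const name = meta.name || nameFromPath(path);
      if (denylist.has(name)) hits.push({ name, version: meta.version, where: path });
    }
    return hits; // v2 also mirrors this data in "dependencies"; avoid duplicates
  }
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      if (denylist.has(name)) {
        hits.push({ name, version: meta.version, where: [...trail, name].join(" > ") });
      }
      walk(meta.dependencies, [...trail, name]);
    }
  };
  walk(lock.dependencies, []);
  return hits;
}

// Constructed sample lockfiles; package names other than "fezbox" and all
// version strings are placeholders.
const SAMPLE_V3 = { lockfileVersion: 3, packages: {
  "": { name: "demo-app", version: "1.0.0" },
  "node_modules/example-lib": { version: "2.0.0" },
  "node_modules/example-lib/node_modules/fezbox": { version: "0.0.0-placeholder" },
  "node_modules/helpers": { name: "fezbox", version: "0.0.0-placeholder" },
} };
const SAMPLE_V1 = { lockfileVersion: 1, dependencies: {
  "example-lib": { version: "2.0.0", dependencies: {
    fezbox: { version: "0.0.0-placeholder" } } },
} };

console.log(findDenylisted(SAMPLE_V3), findDenylisted(SAMPLE_V1));
```

For a real project, pass the result of `JSON.parse` on the lockfile contents; a hit in a lockfile committed before the package was removed from the registry means the package was resolved for that project.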