NPM package steals Chrome passwords on Windows via recovery tool

Submitted by
Style Pass
2021-07-23 02:30:03

New npm malware has been caught stealing credentials from the Google Chrome web browser by using legitimate password recovery tools on Windows systems.

Additionally, this malware listens for incoming connections from the attacker's C2 server and provides advanced capabilities, such as screen and camera access, directory listing, file lookup, file upload, and shell command execution.

As seen by BleepingComputer, the identified packages have been sitting on the npm registry since 2018 and scored over 2,000 total downloads at the time of writing.

Today, researchers at ReversingLabs have disclosed their findings on two malicious npm packages that secretly steal passwords from your Chrome web browser.

These packages were discovered by the static analysis engine of ReversingLabs' Titanium Platform, which employs machine learning algorithms.
