☣️ GitLab discovers widespread npm supply chain attack

｢ Harvests credentials from GitHub, npm, AWS, GCP, and Azure
Exfiltrates stolen data to attacker-controlled GitHub repositories
Propagates by automatically infecting other packages owned by victims
Contains a destructive payload that triggers if the malware loses access to its infrastructure ｣

about.gitlab.com/blog/gitlab-d…

#npm #supplychainattack #cybersecurity

GitLab discovers widespread npm supply chain attack

Malware driving attack includes "dead man's switch" that can harm user data.

^{Michael Henriksen (GitLab)}