{"id":6165,"date":"2018-07-13T07:53:57","date_gmt":"2018-07-13T07:53:57","guid":{"rendered":"https:\/\/www.threatshub.org\/blog\/now-pushing-malware-npm-package-dev-logins-slurped-by-hacked-tool-popular-with-coders\/"},"modified":"2018-07-13T07:53:57","modified_gmt":"2018-07-13T07:53:57","slug":"now-pushing-malware-npm-package-dev-logins-slurped-by-hacked-tool-popular-with-coders","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/now-pushing-malware-npm-package-dev-logins-slurped-by-hacked-tool-popular-with-coders\/","title":{"rendered":"Now Pushing Malware: NPM package dev logins slurped by hacked tool popular with coders"},"content":{"rendered":"<p><strong class=\"trailer\">Updated<\/strong> An unfortunate chain reaction was averted today after miscreants tampered with a widely used JavaScript programming tool to steal other developers&#8217; NPM login tokens.<\/p>\n<p>The open-source utility <a target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/github.com\/eslint\/eslint-scope\">eslint-scope<\/a> was <a target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/github.com\/eslint\/eslint-scope\/issues\/39\">altered<\/a> by hackers so that, when used to analyze source code, it would copy the contents of the user&#8217;s <code>~\/.npmrc<\/code> file to an outside server via HTTPS \u2013 that file would include the victim&#8217;s NPMjs.org login token.<\/p>\n<p>NPM is the <a target=\"_blank\" href=\"https:\/\/www.theregister.co.uk\/2016\/03\/23\/npm_left_pad_chaos\/\">JavaScript world&#8217;s package manager<\/a> for libraries, toolkits, and other code projects. With those tokens in hand, scumbags could have started altering other packages to further collect login tokens, insert malicious code into programs, and so on, possibly initiating a chain reaction of cyber-crime.<\/p>\n<p>Although eslint-scope has more than <a target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/www.npmjs.com\/package\/eslint-scope\">two million weekly downloads<\/a>, we&#8217;re told only a small number of people were stung by the compromised version, and had their tokens swiped. Tokens issued before 1230 UTC today have been revoked, people should change their NPM passwords and enable two-factor authentication, and an investigation is underway to discover if any NOPM packages have been vandalized via stolen credentials.<\/p>\n<h3 class=\"crosshead\"><span>Hijacked<\/span><\/h3>\n<p>Version 3.7.2 of eslint-scope was pushed to NPM by miscreants who gained control of a maintainer&#8217;s NPM account for the software: that&#8217;s the poisoned version that harvested people&#8217;s NPM login tokens. It was taken offline within two hours of going live.<\/p>\n<p>The credential thieves could have used the tokens to gain access to other NPM-managed projects that could, again, be used to spread more malware. NPM users download <a target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/twitter.com\/seldo\/status\/988477780441481217?lang=en\">billions<\/a> of packages every week.<\/p>\n<p>In other words, someone lost control their NPM account to an attacker, who then implanted malicious code in a popular tool maintained by that someone to gain access to NPM accounts to potentially infect further packages.<\/p>\n<div class=\"promo_article\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/regmedia.co.uk\/2015\/01\/26\/trojan_horse.jpg?x=174&amp;y=115&amp;crop=1\" width=\"174\" height=\"115\" alt=\"Headshot of Trojan horse\"\/><\/p>\n<h2 title=\"Lookalike npm packages grabbed stored credentials\">This typosquatting attack on npm went undetected for 2 weeks<\/h2>\n<p><a href=\"https:\/\/www.theregister.co.uk\/2017\/08\/02\/typosquatting_npm\/\"><span>READ MORE<\/span><\/a><\/div>\n<p>Understandably, NPM has already invalidated tokens issued before 2018-07-12 1230 UTC in an attempt to prevent the further spread of evil code. Unfortunately, the damage may have already been done. NPM said &#8220;a small number&#8221; of developers, and potentially their projects, were affected by this.<\/p>\n<p>&#8220;We believe the vector for this compromise was stolen credentials from one of the authorized publishers of the eslint-scope package,&#8221; <a target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/status.npmjs.org\/incidents\/dn7c1fgrr7ng\">NPM said<\/a> in a statement on its website.<\/p>\n<p>&#8220;We recommend all package authors enable two-factor auth to protect their accounts from this kind of attack.&#8221;<\/p>\n<p>The hijack is believed to have kicked off some time last night, with an eslint-scope maintainer&#8217;s account receiving a new unexpected NPM token overnight, tipping off coders to a possible security breach.<\/p>\n<p>&#8220;One of our maintainers did observe that a new npm token was generated overnight (said maintainer was asleep),&#8221; <a target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/github.com\/eslint\/eslint-scope\/issues\/39#issuecomment-404533026\">explained<\/a> eslint dev Kevin Partington.<\/p>\n<p>Anyone who used the infected version of eslint-scope has, by now, had their NPM tokens revoked, so that part of the attack has been mitigated. They should also delete the software, and install a known good version.<\/p>\n<p>NPM said it will conduct a further audit of all of its managed projects to determine just how bad the breach really was. \u00ae<\/p>\n<h3 class=\"crosshead\"><span>Updated to add<\/span><\/h3>\n<p>We understand some 4,500 login tokens were potentially swiped by the rogue JavaScript utility, although there has been no sign of any malicious activity beyond the compromise of eslint-scope. NPM&#8217;s CTO CJ Silverio dropped us a note to explain:<\/p>\n<p class=\"wptl btm\"><span>Sponsored:<\/span> <a href=\"https:\/\/go.theregister.co.uk\/tl\/1759\/shttp:\/\/www.mcubed.london\/\">Minds Mastering Machines &#8211; Call for papers now open<\/a><\/p>\n<p>READ MORE <a href=\"http:\/\/go.theregister.com\/feed\/www.theregister.co.uk\/2018\/07\/12\/npm_eslint\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Tokens killed after eslint-scope utility compromised Updated\u00a0 An unfortunate chain reaction was averted today after miscreants tampered with a widely used JavaScript programming tool to steal other developers&#8217; NPM login tokens.\u2026 READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":6166,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[63],"tags":[],"class_list":["post-6165","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-the-register"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Now Pushing Malware: NPM package dev logins slurped by hacked tool popular with coders 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/now-pushing-malware-npm-package-dev-logins-slurped-by-hacked-tool-popular-with-coders\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Now Pushing Malware: NPM package dev logins slurped by hacked tool popular with coders 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/now-pushing-malware-npm-package-dev-logins-slurped-by-hacked-tool-popular-with-coders\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2018-07-13T07:53:57+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/07\/now-pushing-malware-npm-package-dev-logins-slurped-by-hacked-tool-popular-with-coders.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"174\" \/>\n\t<meta property=\"og:image:height\" content=\"115\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/now-pushing-malware-npm-package-dev-logins-slurped-by-hacked-tool-popular-with-coders\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/now-pushing-malware-npm-package-dev-logins-slurped-by-hacked-tool-popular-with-coders\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Now Pushing Malware: NPM package dev logins slurped by hacked tool popular with coders\",\"datePublished\":\"2018-07-13T07:53:57+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/now-pushing-malware-npm-package-dev-logins-slurped-by-hacked-tool-popular-with-coders\\\/\"},\"wordCount\":577,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/now-pushing-malware-npm-package-dev-logins-slurped-by-hacked-tool-popular-with-coders\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/07\\\/now-pushing-malware-npm-package-dev-logins-slurped-by-hacked-tool-popular-with-coders.jpg\",\"articleSection\":[\"The Register\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/now-pushing-malware-npm-package-dev-logins-slurped-by-hacked-tool-popular-with-coders\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/now-pushing-malware-npm-package-dev-logins-slurped-by-hacked-tool-popular-with-coders\\\/\",\"name\":\"Now Pushing Malware: NPM package dev logins slurped by hacked tool popular with coders 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/now-pushing-malware-npm-package-dev-logins-slurped-by-hacked-tool-popular-with-coders\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/now-pushing-malware-npm-package-dev-logins-slurped-by-hacked-tool-popular-with-coders\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/07\\\/now-pushing-malware-npm-package-dev-logins-slurped-by-hacked-tool-popular-with-coders.jpg\",\"datePublished\":\"2018-07-13T07:53:57+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/now-pushing-malware-npm-package-dev-logins-slurped-by-hacked-tool-popular-with-coders\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/now-pushing-malware-npm-package-dev-logins-slurped-by-hacked-tool-popular-with-coders\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/now-pushing-malware-npm-package-dev-logins-slurped-by-hacked-tool-popular-with-coders\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/07\\\/now-pushing-malware-npm-package-dev-logins-slurped-by-hacked-tool-popular-with-coders.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/07\\\/now-pushing-malware-npm-package-dev-logins-slurped-by-hacked-tool-popular-with-coders.jpg\",\"width\":174,\"height\":115},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/now-pushing-malware-npm-package-dev-logins-slurped-by-hacked-tool-popular-with-coders\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Now Pushing Malware: NPM package dev logins slurped by hacked tool popular with coders\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Now Pushing Malware: NPM package dev logins slurped by hacked tool popular with coders 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/now-pushing-malware-npm-package-dev-logins-slurped-by-hacked-tool-popular-with-coders\/","og_locale":"en_US","og_type":"article","og_title":"Now Pushing Malware: NPM package dev logins slurped by hacked tool popular with coders 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/now-pushing-malware-npm-package-dev-logins-slurped-by-hacked-tool-popular-with-coders\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2018-07-13T07:53:57+00:00","og_image":[{"width":174,"height":115,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/07\/now-pushing-malware-npm-package-dev-logins-slurped-by-hacked-tool-popular-with-coders.jpg","type":"image\/jpeg"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/now-pushing-malware-npm-package-dev-logins-slurped-by-hacked-tool-popular-with-coders\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/now-pushing-malware-npm-package-dev-logins-slurped-by-hacked-tool-popular-with-coders\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Now Pushing Malware: NPM package dev logins slurped by hacked tool popular with coders","datePublished":"2018-07-13T07:53:57+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/now-pushing-malware-npm-package-dev-logins-slurped-by-hacked-tool-popular-with-coders\/"},"wordCount":577,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/now-pushing-malware-npm-package-dev-logins-slurped-by-hacked-tool-popular-with-coders\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/07\/now-pushing-malware-npm-package-dev-logins-slurped-by-hacked-tool-popular-with-coders.jpg","articleSection":["The Register"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/now-pushing-malware-npm-package-dev-logins-slurped-by-hacked-tool-popular-with-coders\/","url":"https:\/\/www.threatshub.org\/blog\/now-pushing-malware-npm-package-dev-logins-slurped-by-hacked-tool-popular-with-coders\/","name":"Now Pushing Malware: NPM package dev logins slurped by hacked tool popular with coders 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/now-pushing-malware-npm-package-dev-logins-slurped-by-hacked-tool-popular-with-coders\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/now-pushing-malware-npm-package-dev-logins-slurped-by-hacked-tool-popular-with-coders\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/07\/now-pushing-malware-npm-package-dev-logins-slurped-by-hacked-tool-popular-with-coders.jpg","datePublished":"2018-07-13T07:53:57+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/now-pushing-malware-npm-package-dev-logins-slurped-by-hacked-tool-popular-with-coders\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/now-pushing-malware-npm-package-dev-logins-slurped-by-hacked-tool-popular-with-coders\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/now-pushing-malware-npm-package-dev-logins-slurped-by-hacked-tool-popular-with-coders\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/07\/now-pushing-malware-npm-package-dev-logins-slurped-by-hacked-tool-popular-with-coders.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/07\/now-pushing-malware-npm-package-dev-logins-slurped-by-hacked-tool-popular-with-coders.jpg","width":174,"height":115},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/now-pushing-malware-npm-package-dev-logins-slurped-by-hacked-tool-popular-with-coders\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Now Pushing Malware: NPM package dev logins slurped by hacked tool popular with coders"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/6165","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=6165"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/6165\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/6166"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=6165"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=6165"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=6165"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}