Flutterby™! : event-stream trojan

Next unread comment / Catchup all unread comments User Account Info | Logout | XML/Pilot/etc versions | Long version (with comments) | Weblog archives | Site Map | | Browse Topics

event-stream trojan

2018-11-26 22:48:51.235596+01 by Dan Lyke 1 comments

RT Kevin Beaumont 🥴 Verified account @GossiTheDog:

NPM library with 2m installs has a backdoor, looks to be some kind of Trojan (stealer?)

https://github.com/dominictarr/event-stream/issues/116

The original author seems to have abandoned the project, someone came along and said they wanted to do something with the project, so: "...he emailed me and said he wanted to maintain the module, so I gave it to him. I don't get any thing from maintaining this module, and I don't even use it anymore, and havn't for years."

[ related topics: Language Books virus ]

comments in descending chronological order (reverse):

#Comment Re: event-stream trojan made: 2018-11-27 23:31:54.033614+01 by: Dan Lyke

https://schneid.io/blog/event-stream-vulnerability-explained/