Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

They only found these malwares because the malware part was at the top level. Who knows how many are there that hide this logic in an npm dependency.


Reminds me of

https://david-gilbertson.medium.com/im-harvesting-credit-car...


Now what if there only was a way to detect apps doing suspicious network requests... /s




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: