zCat on Nostr: npm Package Lottie-Player Compromised in Supply Chain Attack A targeted supply chain ...
npm Package Lottie-Player Compromised in Supply Chain Attack
A targeted supply chain attack involving the widely used npm package @lottiefiles/lottie-player has been uncovered, highlighting vulnerabilities in software dependencies.
The @lottiefiles/lottie-player package was downloaded approximately 84,000 times weekly and is used to embed and play Lottie animations on websites.
The malicious updates contained altered code that introduced pop-ups prompting users to connect their web3 wallets.
See more: https://www.infosecurity-magazine.com/news/npm-package-lottieplayer-supply/
#cybersecurity #malware #cryptocurrency