Cross-Platform NPM Stealer, (Fri, May 22nd)
Source: Isc.Sans.Edu
Published:
<p>I found a Node.js stealer that looked pretty well obfuscated. The file was not running out-of-the-box because it was uploaded on VT as “extracted-decoded.js” (and reformated). The SHA256 is 049300aa5dd774d6c984779a0570f59610399c71864b5d5c2605906db46ddeb9[ 1 ]. It did not run properly in a sandbox