Cybersecurity researchers have discovered a software supply chain attack that has remained active for over a year on the npm package registry by starting off as an innocuous library and later adding malicious code to steal sensitive data and mine cryptocurrency on infected systems.The package, named @0xengine/xmlrpc, was originally published on October 2, 2023 as a JavaScript-based XML-RPC
First seen on thehackernews.com
Jump to article: thehackernews.com/2024/11/xmlrpc-npm-library-turns-malicious.html
