A highly sophisticated npm supply chain attack that abuses a fake HTTP client package to deliver both a powerful RAT and a stealthy browser stealer. The malicious package, undicy-http@2.0.0, was uploaded to npm to impersonate undici, the official HTTP client widely used in Node.js projects. Despite the similar name, it contains no HTTP client logic; […]

The post NPM Supply Chain Attack Uses undicy-http to Deploy RAT appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.