Looks like we have another #supplychain attack underway, this time facing #SAP-related NPM packages.

ifin@infosec.exchange

Looks like we have another #supplychain attack underway, this time facing #SAP-related NPM packages.

SAP npm Packages targeted with Credential-stealing Malware

So far, four SAP-related npm packages have been compromised where the preinstall scripts inject malicious preinstall hooks that bootstrap the Bun JavaScript runtime and executes an obfuscated credential stealer payload (…

IFIN (discourse.ifin.network)

#ThreatIntel #ThreatIntelligence #IFIN