{"version":"1.0","provider_name":"SecurityIT | Cyber Security Consulting","provider_url":"https:\/\/www.show.it\/en\/","author_name":"SecurityIT","author_url":"https:\/\/www.show.it\/en\/author\/securityit\/","title":"Malicious NPM, PyPI Packages Stealing User Information - SecurityIT | Cyber Security Consulting","type":"rich","width":600,"height":338,"html":"<blockquote class=\"wp-embedded-content\" data-secret=\"Qkkd7LDTfa\"><a href=\"https:\/\/www.show.it\/en\/malicious-npm-pypi-packages-stealing-user-information\/\">Malicious NPM, PyPI Packages Stealing User Information<\/a><\/blockquote><iframe sandbox=\"allow-scripts\" security=\"restricted\" src=\"https:\/\/www.show.it\/en\/malicious-npm-pypi-packages-stealing-user-information\/embed\/#?secret=Qkkd7LDTfa\" width=\"600\" height=\"338\" title=\"&#8220;Malicious NPM, PyPI Packages Stealing User Information&#8221; &#8212; SecurityIT | Cyber Security Consulting\" data-secret=\"Qkkd7LDTfa\" frameborder=\"0\" marginwidth=\"0\" marginheight=\"0\" scrolling=\"no\" class=\"wp-embedded-content\"><\/iframe><script type=\"text\/javascript\">\n\/* <![CDATA[ *\/\n\/*! This file is auto-generated *\/\n!function(d,l){\"use strict\";l.querySelector&&d.addEventListener&&\"undefined\"!=typeof URL&&(d.wp=d.wp||{},d.wp.receiveEmbedMessage||(d.wp.receiveEmbedMessage=function(e){var t=e.data;if((t||t.secret||t.message||t.value)&&!\/[^a-zA-Z0-9]\/.test(t.secret)){for(var s,r,n,a=l.querySelectorAll('iframe[data-secret=\"'+t.secret+'\"]'),o=l.querySelectorAll('blockquote[data-secret=\"'+t.secret+'\"]'),c=new RegExp(\"^https?:$\",\"i\"),i=0;i<o.length;i++)o[i].style.display=\"none\";for(i=0;i<a.length;i++)s=a[i],e.source===s.contentWindow&&(s.removeAttribute(\"style\"),\"height\"===t.message?(1e3<(r=parseInt(t.value,10))?r=1e3:~~r<200&&(r=200),s.height=r):\"link\"===t.message&&(r=new URL(s.getAttribute(\"src\")),n=new URL(t.value),c.test(n.protocol))&&n.host===r.host&&l.activeElement===s&&(d.top.location.href=t.value))}},d.addEventListener(\"message\",d.wp.receiveEmbedMessage,!1),l.addEventListener(\"DOMContentLoaded\",function(){for(var e,t,s=l.querySelectorAll(\"iframe.wp-embedded-content\"),r=0;r<s.length;r++)(t=(e=s[r]).getAttribute(\"data-secret\"))||(t=Math.random().toString(36).substring(2,12),e.src+=\"#?secret=\"+t,e.setAttribute(\"data-secret\",t)),e.contentWindow.postMessage({message:\"ready\",secret:t},\"*\")},!1)))}(window,document);\n\/\/# sourceURL=https:\/\/www.show.it\/wp-includes\/js\/wp-embed.min.js\n\/* ]]> *\/\n<\/script>\n","thumbnail_url":"https:\/\/www.show.it\/wp-content\/uploads\/2023\/02\/16834-malicious-npm-pypi-packages-stealing-user-information-768x432.jpg","thumbnail_width":600,"thumbnail_height":338,"description":"Check Point and Phylum are warning of recently identified NPM and PyPI packages designed to steal user information and download additional payloads. Taking advantage of the broad use of open source code in application development, malicious actors are increasingly relying on software supply chain attacks to infect both developers and users with malware. According to [&hellip;]"}