NPM Package Steals Passwords via Chrome’s Account-Recovery Tool
A new widespread software supply-chain attack has been discovered by researchers, this time consisting of a password stealer harvesting credentials from Chrome on Windows systems via a tool called ChromePass. According to researchers, the campaign was discovered after professionals caught the malware stealing credentials, listening for incoming commands from the attacker’s command and control server, uploading files, recording from screens and cameras on devices, and executing shell commands. The credential-stealing malware uses legitimate password recovery tools in Google’s Chrome web browser. Researchers initially found the malware through an npm open-source code repository.