AsyncAPI npm packages infected with credential-stealing malware
AsyncAPI npm packages were found to be infected with credential-stealing malware, as reported by BleepingComputer. The malware targeted users of the AsyncAPI specification, a widely used standard for describing event-driven APIs. The compromised packages were designed to steal credentials from developers who installed them. This incident highlights the ongoing risk of supply chain attacks in the npm ecosystem, where malicious actors inject malware into legitimate packages to compromise downstream users. The exact packages and versions affected were not specified in the source, but the attack underscores the importance of verifying package integrity and monitoring for suspicious activity in software dependencies.
Developers using AsyncAPI npm packages risk credential theft from supply chain malware.