Hackernoon Icon Hackernoon

I'm harvesting credit card numbers and passwords from your site. Here's how.

logged by @adamstac 2018-01-07T04:54:29.129835Z permalink #security

This is pretty scary regardless if it's based on a true story or not.

When I first wrote this code back in 2015, it was of no use at all sitting on my computer. I needed to get it out into the world. Out into your site.

Lucky for me, we live in an age where people install npm packages like they’re popping pain killers.

So, npm was to be my distribution method. I would need to come up with some borderline-useful package that people would install without thinking — my Trojan horse.

Oh and then there was this — this is an excellent opportunity for taking over npm packages and injecting malware by malicious people.

0:00 / 0:00