A NPM supply-chain attack dating back from December 2021 used dozens of malicious NPM modules containing obfuscated Javascript code to compromise hundreds of apps and websites. The attackers are known as IconBurst.
They used typosquatting, a technique in which hackers offer popular packages to infect developers. One of the malicious NPM packages in this attack has more than 17,000 downloads. If fooled, they would add the malicious packages designed to steal data from embedded forms to their apps or websites.
Today, more than 6 months after this attack, some of the malicious IconBurst packages are still available for download in the NPM registry.
