Socket (@SocketSecurity) “We published our technical analysis. The @​antv payload includes worm-like npm p” — TopicDigg

Socket
@SocketSecurity
Socket is the #1 software supply chain security platform. Next-gen SCA + SBOM + 0-day prevention. LOVED BY DEVELOPERS. 👀 @npm_malware
Joined November 2021
4.6K Following    17.1K Followers
We published our technical analysis. The @​antv payload includes worm-like npm propagation logic: validate stolen npm tokens, enumerate packages, inject the payload, bump versions, and republish under the compromised maintainer identity. This is why these attacks can move so fast. There are now 2.1k public GitHub repos using the reversed Shai-Hulud marker and Dune-themed names, showing the fallback path is active at scale.
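A defender-side check for the republish pattern the post describes, as an added example that is not Socket's code or part of the original post: it flags one publisher identity pushing patch bumps to several packages within minutes. The input shape follows npm registry package metadata; the thresholds, function names and sample records are assumptions constructed for illustration.

```javascript
// Added example: flag one publisher pushing patch bumps to several packages within a
// short window. Input mimics npm registry packuments; thresholds and data are constructed.
const parse = (v) => v.split('.').map(Number);
function isPatchBump(prev, next) {
  if (!prev) return false;
  const [a, b, c] = parse(prev), [x, y, z] = parse(next);
  return a === x && b === y && z === c + 1;
}

// One event per published version, ordered by the registry's publish timestamps.
function publishEvents(p) {
  const vs = Object.keys(p.versions)
    .sort((m, n) => Date.parse(p.time[m]) - Date.parse(p.time[n]));
  return vs.map((v, i) => ({
    pkg: p.name,
    publisher: p.versions[v]._npmUser.name,
    ts: Date.parse(p.time[v]),
    patchBump: isPatchBump(vs[i - 1], v),
  }));
}

function findPublishBursts(packuments, windowMs = 10 * 60 * 1000, minPackages = 3) {
  const byPublisher = new Map();
  for (const e of packuments.flatMap(publishEvents).filter((e) => e.patchBump)) {
    if (!byPublisher.has(e.publisher)) byPublisher.set(e.publisher, []);
    byPublisher.get(e.publisher).push(e);
  }
  const alerts = [];
  for (const [publisher, events] of byPublisher) {
    events.sort((m, n) => m.ts - n.ts);
    for (let start = 0, end = 0; end < events.length; end++) {
      while (events[end].ts - events[start].ts > windowMs) start++;
      const pkgs = new Set(events.slice(start, end + 1).map((e) => e.pkg));
      if (pkgs.size >= minPackages) {
        alerts.push({ publisher, packages: [...pkgs].sort() });
        break; // one alert per publisher is enough to trigger review
      }
    }
  }
  return alerts;
}

const pkg = (name, user, releases) => ({ name, time: Object.fromEntries(releases),
  versions: Object.fromEntries(releases.map(([v]) => [v, { _npmUser: { name: user } }])) });
const SAMPLE = [ // constructed packuments, not real registry data
  pkg('example-a', 'alice', [['1.2.0', '2025-01-10T09:00:00Z'], ['1.2.1', '2025-03-01T02:00:10Z']]),
  pkg('example-b', 'alice', [['0.4.7', '2025-02-02T12:00:00Z'], ['0.4.8', '2025-03-01T02:01:30Z']]),
  pkg('example-c', 'alice', [['3.0.0', '2025-01-20T08:00:00Z'], ['3.0.1', '2025-03-01T02:03:05Z']]),
  pkg('example-d', 'bob', [['2.1.0', '2025-01-05T10:00:00Z'], ['2.1.1', '2025-02-15T10:00:00Z']]),
];
console.log(JSON.stringify(findPublishBursts(SAMPLE)));
```

An alert here is a prompt to review the listed releases and the publisher's tokens, since legitimate monorepo releases can produce the same pattern.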