Threat Post

NPM Package Steals Passwords via Chrome’s Account-Recovery Tool

In another vast software supply-chain attack, the password-stealer is filching credentials from Chrome on Windows systems via ChromePass. A credentials-stealing code bomb that uses legitimate password ...
Bleeping Computer

PyPI package 'keep' mistakenly included a password stealer

PyPI packages 'keep,' 'pyanxdns,' 'api-res-py' were found to be containing a backdoor due to the presence of malicious 'request' dependency within some versions. For example, while most versions of ...
Forbes

MacOS Passwords Alert—New Malware Targets Keychain, Chrome, Brave, Opera

Update, Dec. 10, 2024: This story, originally published Dec. 09, has been updated with a statement from Brave. Threat researchers have confirmed that a nasty new scam that targets macOS users is being ...