Miasma Turns Trusted npm Packages Into Persistent Backdoors for Developer Machines
Miasma has returned through software packages that many developers would normally trust. Four AsyncAPI packages on npm were altered to deliver a Miasma v3 payload, creating a route for long-term remote access. The campaign does not depend on malware running when a package is installed. Instead,...