Cybersecurity researchers at Socket have uncovered a malicious npm package that hijacks server control during payment transactions. The package, @naderabdi/merchant-advcash, masquerades as a legitimate integration for the digital payment platform Advcash (now rebranded as Volet). The package embeds a reverse shell activated after successful payments that enables attackers to remotely commandeer systems. Advcash, though niche… Read more »
The post Masquerading payment npm package installs backdoor appeared first on Developer Tech News.