'cors-parser' is neither a cure for Cross-Origin Resource Sharing (CORS) vulnerabilities nor a "parser" for interpreting same-origin policies of a website. Instead, the npm package employs a form of steganography to download what may appear to be PNG images at first. These "images," however, contain encoded instructions to drop malware — a backdoor on target systems.

The post ‘cors-parser’ npm package hides cross-platform backdoor in PNG files appeared first on Security Boulevard.