βcors-parserβ npm package hides cross-platform backdoor in PNG files
11 June 2024 at 11:00
'cors-parser' is neither a cure for Cross-Origin Resource Sharing (CORS) vulnerabilities nor a "parser" for interpreting same-origin policies of a website. Instead, the npm package employs a form of steganography to download what may appear to be PNG images at first. These "images," however, contain encoded instructions to drop malware β a backdoor on target systems.
The post βcors-parserβ npm package hides cross-platform backdoor in PNG files appeared first on Security Boulevard.