National Cyber Warfare Foundation (NCWF)

‘cors-parser’ npm package hides cross-platform backdoor in PNG files
0 user ratings		2024-06-11 17:44:19
milo
Blue Team (CND)
 - archive -- 

'cors-parser' npm package hides cross-platform backdoor in PNG files

'cors-parser' is neither a cure for Cross-Origin Resource Sharing (CORS) vulnerabilities nor a "parser" for interpreting same-origin policies of a website. Instead, the npm package employs a form of steganography to download what may appear to be PNG images at first. These "images," however, contain encoded instructions to drop malware — a backdoor on target systems.


The post ‘cors-parser’ npm package hides cross-platform backdoor in PNG files appeared first on Security Boulevard.



Ax Sharma

Source: Security Boulevard
Source Link: https://securityboulevard.com/2024/06/cors-parser-npm-package-hides-cross-platform-backdoor-in-png-files/

Comments
new comment
Nobody has commented yet. Will you be the first?
  
Forum
Blue Team (CND)


Copyright 2012 through 2025 - National Cyber Warfare Foundation - All rights reserved worldwide.