On October 23, the US Cybersecurity and Infrastructure Security Agency warned on Friday that a popular JavaScript library (npm package) was hacked and modified by malicious code that installed an infected version of the system. Downloaded and installed a cryptocurrency mining program on.
The incident was discovered on Friday, October 22. It affects UAParser.js, a JavaScript library used to read information stored in user agent strings. According to its official website, the library is used by Facebook, Apple, Amazon, Microsoft, Slack, IBM, HPE, Dell, Oracle, Mozilla, Shopify, Reddit and many Silicon Valley companies. According to its npm page, the library’s weekly downloads are often between 6 million and 7 million. Damaged version: 0.7.29, 0.8.0, 1.0.0.