<ul><li>Threat actors deploy malicious NPM packages to steal PayPal credentials and hijack cryptocurrency transfers.</li><li>"Using PayPal-related names helps these malicious packages avoid detection, making it easier for attackers to steal sensitive information.</li><li>Malicious NPM packages use a preinstall hook to run hidden scripts, steal system info, obfuscate data, and exfiltrate it to attacker-controlled servers for future attacks.</li><li>Fortinet researchers recommend watching for fake PayPal-related packages, checking network logs for odd connections, removing threats, updating credentials, and staying cautious when installing packages.</li></ul>

Malicious NPM packages target PayPal users

Discover more