Unknown threat actors have been found propagating trojanized versions of jQuery on npm, GitHub, and jsDelivr in what appears to be an instance of a "complex and persistent" supply chain attack.
"This attack stands out due to the high variability across packages," Phylum said in an analysis published last week.
"The attacker has cleverly hidden the malware in the seldom-used ‘end’ function of