Chrome Passwords | Breaking Cybersecurity News | The Hacker News

A software package available from the official NPM repository has been revealed to be actually a front for a tool that's designed to steal saved passwords from the Chrome web browser. The package in question, named " nodejs_net_server " and downloaded over 1,283 times since February 2019, was last updated seven months ago (version 1.1.2), with its corresponding repository leading to non-existent locations hosted on GitHub.  "It isn't malicious by itself, but it can be when put into the malicious use context," ReversingLabs researcher Karlo Zanki  said  in an analysis shared with The Hacker News. "For instance, this package uses it to perform malicious password stealing and credential exfiltration. Even though this off-the-shelf password recovery tool comes with a graphical user interface, malware authors like to use it as it can also be run from the command line." While the first version of the package was put out just to test the process of p...