Sensitive Data Exfiltration Campaign Targets npm and PyPI

Phylum has discovered another new multi-ecosystem campaign aiming to exfiltrate sensitive machine information to a remote server. The attack has grown in both scope and complexity over the course of the past weeks and appears to be ongoing. Phylum will continue to actively monitor it, providing updates as we learn

attack campaign complexity continue course data data exfiltration ecosystem exfiltration information learn machine monitor npm npm and pypi phylum pypi remote server research scope sensitive sensitive data server updates