Close Menu
Indo Guard OnlineIndo Guard Online
  • Home
  • Cyber Security
  • Risk Management
  • Travel
  • Security News
  • Tech
  • More
    • Data Privacy
    • Data Protection
    • Global Security
What's Hot

Google exposes Vishing Group UNC6040 target on Salesforce with a fake app for a data loader

June 4, 2025

Malicious Chaos Rats are aimed at Windows and Linux via fake network downloads

June 4, 2025

Why do traditional DLP solutions do not get in the browser era

June 4, 2025
Facebook X (Twitter) Instagram
Facebook X (Twitter) Instagram YouTube
Indo Guard OnlineIndo Guard Online
Subscribe
  • Home
  • Cyber Security
  • Risk Management
  • Travel
  • Security News
  • Tech
  • More
    • Data Privacy
    • Data Protection
    • Global Security
Indo Guard OnlineIndo Guard Online
Home » LottieFiles Issues Warning about hacked npm package “lottie-player”
Global Security

LottieFiles Issues Warning about hacked npm package “lottie-player”

AdminBy AdminOctober 31, 2024No Comments2 Mins Read
npm Package
Share
Facebook Twitter LinkedIn Pinterest Email Copy Link


October 31, 2024Ravi LakshmananCryptocurrency / Software Development

The npm package

LottieFiles discovered that its npm package ‘lottie-player’ had been compromised in a supply chain attack, prompting it to release an updated version of the library.

“Oct 30 ~18:20 UTC – LottieFiles has been notified that our popular open source npm web player package @lottiefiles/lottie-player contains unauthorized new versions with malicious code,” the company said in a statement. said in a statement on X. “This does not affect our dotlottie player and/or SaaS service.”

LottieFiles is an animation workflow platform that allows designers to create, edit, and share animations in a JSON-based animation file format called Lottie. It is also the developer of an npm package called lottery playerwhich allows Lottie animations to be embedded and played on websites.

Cyber ​​security

According to the company, “a large number of users using the library via third-party CDNs without a patched version were automatically served the compromised version as the latest release.”

The malicious versions package containing code which prompted users to connect their cryptocurrency wallets with the likely goal of merging their funds. Users using versions 2.0.5, 2.0.6 and 2.0.7 are advised to upgrade to 2.0.8.

“Versions 2.0.5, 2.0.6, 2.0.7 were published directly to https://npmjs.com within an hour using a compromised access token from a developer with the necessary privileges,” LottieFiles noted.

In addition to the patch release, three fake versions were unpublished in the npm package repository. LottieFiles said it has also activated its incident response plan and brought in an external incident response team to assist in the investigation.

Did you find this article interesting? Follow us Twitter  and LinkedIn to read more exclusive content we publish.





Source link

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email Copy Link
Admin
  • Website

Related Posts

Google exposes Vishing Group UNC6040 target on Salesforce with a fake app for a data loader

June 4, 2025

Malicious Chaos Rats are aimed at Windows and Linux via fake network downloads

June 4, 2025

Why do traditional DLP solutions do not get in the browser era

June 4, 2025

Packages malicious Pypi, NPM and Rubin

June 4, 2025

HPE releases security patch for Storeonce error, which allows by -by -distance authentication

June 4, 2025

Fake Docusign, Gitcode Sites Distributed Netsupport Rat Through Multiple Attack PowerShell

June 3, 2025
Add A Comment
Leave A Reply Cancel Reply

Loading poll ...
Coming Soon
Do You Like Our Website
: {{ tsp_total }}

Subscribe to Updates

Get the latest security news from Indoguardonline.com

Latest Posts

Google exposes Vishing Group UNC6040 target on Salesforce with a fake app for a data loader

June 4, 2025

Malicious Chaos Rats are aimed at Windows and Linux via fake network downloads

June 4, 2025

Why do traditional DLP solutions do not get in the browser era

June 4, 2025

Packages malicious Pypi, NPM and Rubin

June 4, 2025

HPE releases security patch for Storeonce error, which allows by -by -distance authentication

June 4, 2025

Fake Docusign, Gitcode Sites Distributed Netsupport Rat Through Multiple Attack PowerShell

June 3, 2025

Critical 10-year Error Webmail RoundCube allows users to run the malicious code

June 3, 2025

Understanding the scammers and how to defend their organization

June 3, 2025
About Us
About Us

Provide a constantly updating feed of the latest security news and developments specific to Indonesia.

Facebook X (Twitter) Pinterest YouTube WhatsApp
Our Picks

Google exposes Vishing Group UNC6040 target on Salesforce with a fake app for a data loader

June 4, 2025

Malicious Chaos Rats are aimed at Windows and Linux via fake network downloads

June 4, 2025

Why do traditional DLP solutions do not get in the browser era

June 4, 2025
Most Popular

In Indonesia, crippling immigration ransomware breach sparks privacy crisis

July 6, 2024

Why Indonesia’s Data Breach Crisis Calls for Better Security

July 6, 2024

Indonesia’s plan to integrate 27,000 govt apps in one platform welcomed but data security concerns linger

July 6, 2024
© 2025 indoguardonline.com
  • Home
  • About us
  • Contact us
  • Privacy Policy

Type above and press Enter to search. Press Esc to cancel.