Npm packages conceal macOS malware in 'travis.yml' files, drop bogus "Safari Updates"

Three npm packages identified by Sonatype this week conceal malware in "travis.yml," a CI/CD build configuration file used by Travis CI. These packages contain metadata, description, and code copied from the legitimate "cli-width" package but instead deploy a malicious macOS binary disguised as "Safari updates."
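A triage check for the concealment described above, as an added example that is not from Sonatype or the original article: it walks an unpacked package tree and flags any `travis.yml` or `.travis.yml` whose leading bytes are not plain text. It assumes the payload sits in that file as raw Mach-O or other binary data, which the summary does not specify; the function names and sample package trees are constructed for illustration.

```python
import codecs
import os
import tempfile

# Mach-O magics as they appear on disk: thin 32/64-bit in both byte orders, plus
# fat/universal (0xCAFEBABE is shared with Java class files, still not YAML).
MACHO_MAGICS = {bytes.fromhex(h) for h in (
    "feedface", "cefaedfe", "feedfacf", "cffaedfe", "cafebabe", "bebafeca")}
CI_NAMES = {"travis.yml", ".travis.yml"}

def classify(data: bytes) -> str:
    """Return 'mach-o', 'binary' or 'text' for the leading bytes of a file."""
    if data[:4] in MACHO_MAGICS:
        return "mach-o"
    if b"\x00" in data:
        return "binary"
    try:
        # Incremental decode tolerates a multi-byte character cut off by the read limit.
        codecs.getincrementaldecoder("utf-8")().decode(data, final=False)
    except UnicodeDecodeError:
        return "binary"
    return "text"

def scan_package(root: str) -> list:
    """List (relative path, verdict) for CI config files that are not plain text."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() not in CI_NAMES:
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                verdict = classify(fh.read(4096))
            if verdict != "text":
                findings.append((os.path.relpath(path, root), verdict))
    return sorted(findings)

def demo() -> list:
    """Scan two constructed package trees: one benign, one with a binary 'travis.yml'."""
    with tempfile.TemporaryDirectory() as root:
        good, bad = os.path.join(root, "benign-pkg"), os.path.join(root, "suspect-pkg")
        os.makedirs(good)
        os.makedirs(bad)
        with open(os.path.join(good, ".travis.yml"), "w") as fh:
            fh.write("language: node_js\nnode_js:\n  - 'lts/*'\n")
        with open(os.path.join(bad, "travis.yml"), "wb") as fh:
            fh.write(bytes.fromhex("cffaedfe") + b"\x00" * 28)  # constructed header stub
        return scan_package(root)

if __name__ == "__main__":
    print(demo())
```

Pointing `scan_package` at an extracted tarball (for example the output of `npm pack <name>` unpacked into a scratch directory) inspects the files without running any install scripts.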
