Malicious fezbox npm Package Steals Browser Passwords from Cookies via Innovative QR Code Steganographic Technique socket.dev/blog/mali…

Threat actors use many different techniques to obfuscate malicious code, like reversing strings, encoding, and encryption. The Socket Threat Research Team discovered a malicious package, fezbox, with layers of obfuscation including the innovative, steganographic use of a QR code. In this package, the threat actor (npm alias janedu; registration email janedu0216@gmail[.]com) executes a payload within a QR code to steal username and password credentials from web cookies, within the browser.