Comment by GuB-42
2 months ago
> Shai Hulud
Clever name... but I would have expected malware authors to be a bit less obvious. They literally named their giant worm after a giant worm.
> At the core of this attack is a ~3.6MB minified bundle.js file
Yep, even malware can be bloated. That's in the spirit of NPM I guess...
I suppose it's only a matter of time before one of these supply chain attacks unintentionally pulls in a second, unrelated supply chain attack.
fish grow to meet the size of the fishbowl
Malware has to follow Moore's law, Tequila virus was ~2.6kb in 1991.
not quite Moore's law, growth at only 1.226x per year