Safeguard
Tag

ua-parser-js

Safeguard articles tagged "ua-parser-js" — guides, analysis, and best practices for software supply chain and application security.

6 articles

Threat Research

Lessons from the ua-parser-js Compromise: Four Hours, Eight Million Downloads a Week

A hijacked npm account turned a tiny User-Agent parser into a cryptominer and password stealer for a few hours in 2021. Here is what account takeover does at ecosystem scale.

Jul 7, 20266 min read
Software Supply Chain Security

ua-parser-js npm hijack incident

In 2021, a hijacked npm account pushed cryptomining and password-stealing malware into ua-parser-js for 4 hours. Here's what happened and how to catch it faster.

Jul 5, 20266 min read
Incident Analysis

UA-Parser-JS October 2021: A Deep Dive on the Attack

The ua-parser-js compromise of October 2021 paired credential theft with cryptominer and password stealer payloads. A close look at what happened and why.

Feb 17, 20265 min read
Incident Analysis

UAParser.js npm package compromise

A deep dive into the 2021 ua-parser-js npm compromise: how a hijacked maintainer account delivered cryptominers and credential stealers to millions.

Nov 8, 20257 min read
Open Source Security

The ua-parser-js npm Hijack of October 2021

An npm package with 8 million weekly downloads shipped a cryptominer and credential stealer for four hours. Here is the exact sequence of events.

Oct 25, 20216 min read
Open Source Security

npm Package ua-parser-js Compromised: 8 Million Weekly Downloads Weaponized

Attackers hijacked the ua-parser-js npm package account and published malicious versions containing cryptominers and password stealers. The package gets 8 million downloads per week.

Jul 15, 20215 min read
ua-parser-js — Safeguard Blog