chrome-api-utils
chrome-api-utils is identified in the SafeDep analysis "Malicious npm Packages using Burp Collaborator for Dependency Confusion Attack". Multiple npm packages impersonating popular package names were published to the npm registry including by a Snyk researcher apparently targeting internal packages at Cursor AI.
discovered 2025-01-16
Threat types
ratpersistencedependency_confusiontyposquat
Malicious versions
- 1.1.0
Campaigns
Techniques
- ttpT1195.001 Supply Chain Compromise: Compromise Software Dependencies and Development Toolsuses
- ttpT1059.007 Command and Scripting Interpreter: JavaScriptuses
- ttpT1036 Masquerading: package impersonation and typosquattinguses
- ttpT1105 Ingress Tool Transferuses
- ttpT1071.001 Application Layer Protocol: Web Protocolsuses
- ttpT1546 Event Triggered Executionuses
