LottieFiles

  • Blog

    LottieFiles hit in npm supply chain attack targeting users’ crypto

    LottieFiles announced that specific versions of its npm package carry malicious code that prompts users to connect their cryptocurrency wallets so they can be emptied. As discovered yesterday, following multiple user reports about strange code injections, the affected versions are Lottie Web Player (“lottie-player”) 2.0.5, 2.0.6, and 2.0.7, all published yesterday. LottieFiles quickly released a new version, 2.0.8, which is…

    Read More »
Back to top button
close