Log In
Get Started Free

cognitive cybersecurity intelligence

News and Analysis

Search

Malicious npm Package in Koishi Chatbots Silently Exfiltrate Sensitive Data in Real Time

Malicious npm Package in Koishi Chatbots Silently Exfiltrate Sensitive Data in Real Time

A supply chain cyberattack aimed at users of the Koishi chatbot has been detected, utilising a harmful npm package “koishi-plugin-pinhaofa.” The package monitors all messages processed by the chatbot, forwarding any that contain an eight-character hexadecimal string to a hardcoded QQ account. This may unknowingly disclose sensitive user data. Security experts recommend reviewing installed plugins and isolation of bots to prevent unauthorised data transmission.

Source: cybersecuritynews.com –
 Read more
Linkedin Youtube Facebook Instagram

Subscribe to newsletter

Subscribe to HEAL Security Dispatch for the latest healthcare cybersecurity news and analysis.

More Posts

3000 Sand Hill Road, Building 3, Suite 210, 
Menlo Park, CA 94025

Products
Solutions
Healthcare cybersecurity​
Healthcare Threat Intelligence
Use Cases
News and Analysis
Insights
Company

© 2024 HEAL Security, Inc. “Cognitive Cybersecurity Intelligence.” All rights reserved.
3000 Sand Hill Road, Building 3, Suite 210, Menlo Park, CA 94025.
California Consumer: Do Not Sell My Info

Linkedin Youtube Facebook Instagram Soundcloud
Consent Preferences

V2025.05.09