‘cors-parser’ is neither a cure for Cross-Origin Resource Sharing (CORS) vulnerabilities nor a “parser” for interpreting the same-origin policies of a website. Instead, the npm package employs a form of steganography, downloading what at first appear to be PNG images. These “images,” however, contain encoded instructions to drop malware, a backdoor, on target systems.
*** This is a Security Bloggers Network syndicated blog from 2024 Sonatype Blog authored by Ax Sharma. Read the original post at: https://www.sonatype.com/blog/cors-parser-npm-package-hides-cross-platform-backdoor-in-png-files