Our threat research team found a malicious npm plugin that backdoors Koishi chatbots, exfiltrating any message containing an 8-character hex string to a QQ account. A concrete example of supply chain threats in open source #chatbot frameworks.
https://socket.dev/blog/malicious-koishi-chatbot-plugin #JavaScript
